Compliance & Certifications
Overview
mixus maintains rigorous compliance with industry-leading security standards and privacy regulations to ensure your data is protected according to the highest global standards. Our compliance program demonstrates our commitment to security, privacy, and operational excellence. We regularly undergo third-party audits and assessments to verify our compliance with these standards and continuously improve our security posture.
Current Certifications
SOC 2 Type II
Security, Availability, Processing Integrity, Confidentiality, and Privacy
Status: Currently in audit process for initial certification
What SOC 2 Type II Covers
- Security: Protection against unauthorized access
- Availability: System and service availability commitments
- Processing Integrity: Data processing accuracy and completeness
- Confidentiality: Protection of confidential information
- Privacy: Collection, use, retention, and disclosure of personal information
- Independent verification of security controls
- Detailed audit reports available upon request
- Evidence of operational security effectiveness
- Assurance of data protection standards
GDPR Compliance
General Data Protection Regulation
Status: Fully compliant since May 2018
Key GDPR Rights Supported
- Right to Access: View all personal data we hold
- Right to Rectification: Correct inaccurate data
- Right to Erasure: Delete personal data ("right to be forgotten")
- Right to Restrict Processing: Limit how data is processed
- Right to Data Portability: Export data in machine-readable format
- Right to Object: Opt-out of certain processing activities
- Privacy by design and by default
- Data protection impact assessments
- Data processing agreements with all vendors
- Appointment of Data Protection Officer
- Breach notification procedures (72-hour requirement)
CCPA Compliance
California Consumer Privacy Act
Status: Fully compliant
Consumer Rights Protected
- Right to Know: Information about data collection and use
- Right to Delete: Deletion of personal information
- Right to Opt-Out: Opt-out of sale of personal information
- Right to Non-Discrimination: No penalties for exercising rights
- Clear privacy notices and disclosures
- Consumer request portal for exercising rights
- Opt-out mechanisms for data sales (we don't sell data)
- Staff training on CCPA requirements
Certifications in Progress
ISO 27001
Information Security Management Systems
Status: Pursuing certification (expected 2025)
ISO 27001 Requirements
- Information security management system (ISMS)
- Risk assessment and treatment processes
- Security controls implementation
- Continuous monitoring and improvement
- Management commitment and responsibility
- International recognition of security practices
- Systematic approach to managing information security
- Continuous improvement framework
- Enhanced customer confidence
HIPAA (Available)
Health Insurance Portability and Accountability Act
Status: Available for healthcare customers with Business Associate Agreement
HIPAA Safeguards
- Administrative Safeguards: Security officer, workforce training, access management
- Physical Safeguards: Facility access controls, workstation use restrictions, device controls
- Technical Safeguards: Access control, audit controls, integrity, transmission security
- Business Associate Agreement (BAA) execution
- Healthcare or covered entity status
- Enhanced security controls for PHI
- Additional audit and monitoring requirements
Industry-Specific Compliance
SOX Compliance Support
Sarbanes-Oxley Act
For Publicly Traded Customers
- Financial controls and audit trail capabilities
- Data integrity and access controls
- Change management procedures
- Audit logging and monitoring
PCI DSS Considerations
Payment Card Industry Data Security Standard
Current Status
- Not directly applicable (we don't store payment card data)
- Payment processing handled by PCI DSS compliant providers
- Secure transmission of payment data to processors
Global Privacy Regulations
European Regulations
GDPR (General Data Protection Regulation)
- Comprehensive privacy protection for EU residents
- Data subject rights and controller obligations
- Privacy by design requirements
- Significant penalties for non-compliance
- Cookie consent and tracking protection
- Electronic communications privacy
- Marketing communications consent
United States Regulations
CCPA (California Consumer Privacy Act)
- Consumer privacy rights in California
- Business obligations for data handling
- Opt-out rights for data sales
- Special protections for children under 13
- Parental consent requirements
- Educational use exceptions
International Regulations
Brazil LGPD (Lei Geral de Proteção de Dados)
- Brazilian privacy protection law
- Similar rights to GDPR
- Local data protection requirements
- Canadian privacy protection standards
- Consent requirements for data collection
- Data breach notification obligations
Audit and Assessment Program
Third-Party Audits
Annual Security Assessments
- SOC 2 audits by certified public accounting firms
- Penetration testing by independent security firms
- Vulnerability assessments and remediation
- Code security reviews and analysis
- Continuous compliance monitoring tools
- Regular internal audits and assessments
- Gap analysis and remediation planning
- Policy and procedure reviews
Internal Controls
Security Controls Framework
- Based on NIST Cybersecurity Framework
- ISO 27001 control objectives
- SOC 2 trust service criteria
- Regular control testing and validation
- Formal risk assessment procedures
- Risk treatment and mitigation plans
- Regular risk monitoring and reporting
- Third-party risk assessments
Data Processing Agreements
Customer DPAs
Data Processing Agreements Available
- GDPR-compliant data processing terms
- Clear roles and responsibilities
- Security measure specifications
- Sub-processor transparency
- Data processing purposes and categories
- Security measures and controls
- Data breach notification procedures
- Data subject rights support
Vendor Management
Sub-Processor Requirements
- All vendors undergo security assessments
- Data processing agreements with security requirements
- Regular vendor audits and monitoring
- Approved vendor list maintained and updated
Incident Response and Breach Notification
Incident Response
24/7 Incident Response
- Dedicated incident response team
- Escalation procedures and communication plans
- Forensic analysis and containment procedures
- Recovery and lessons learned processes
- GDPR: Notification to supervisory authority within 72 hours
- Customer Notification: Within 72 hours if high risk to individuals
- Documentation: Complete incident documentation and reporting
- Remediation: Implementation of corrective measures
Compliance Reporting
Regular Reporting
- Annual compliance status reports
- Quarterly security metrics and KPIs
- Incident summary reports
- Control effectiveness assessments
- SOC 2 reports available to enterprise customers
- Compliance documentation and evidence
- Security control testing results
- Third-party assessment reports
Regional Compliance Requirements
European Union
Data Residency
- EU data centers available for European customers
- Cross-border transfer safeguards
- Standard contractual clauses (SCCs)
- Adequacy decision compliance
- Cooperation with data protection authorities
- Response to regulatory inquiries
- Compliance with enforcement actions
- Regular regulatory updates monitoring
United States
State Privacy Laws
- Compliance with state-specific requirements
- Monitoring emerging state privacy legislation
- Adaptation to new regulatory requirements
- Multi-state compliance coordination
- Compliance with applicable federal laws
- Sector-specific regulations (healthcare, financial)
- Government contracting requirements
- Export control compliance
Compliance Support
Customer Compliance
Compliance Documentation
- Security questionnaire responses
- Compliance certification copies
- Data processing documentation
- Audit reports and assessments
- Compliance consultation services
- Configuration guidance for compliance requirements
- Training and education resources
- Best practices documentation
Training and Awareness
Staff Training
- Regular compliance training for all employees
- Role-specific compliance requirements
- Privacy and security awareness programs
- Incident response training and simulations
- Compliance webinars and workshops
- Best practices guides and documentation
- Regular compliance updates and alerts
- Industry-specific compliance guidance
Future Compliance Initiatives
Continuous Improvement
Planned Certifications
- ISO 27001 certification completion
- Additional regional compliance certifications
- Industry-specific compliance standards
- Enhanced security control frameworks
- Monitoring of new privacy and security regulations
- Proactive compliance planning and implementation
- Stakeholder engagement and feedback
- Regulatory impact assessments
Contact Information
Compliance Inquiries
General Compliance Questions
- Email: support@mixus.com
- Response time: 5 business days
- Include specific compliance requirements
- Reference applicable regulations or standards
- Security questionnaire completion
- Compliance documentation requests
- SOC 2 report access (enterprise customers)
- Custom compliance assessments
Documentation Requests
Available Documents
- SOC 2 reports (when available)
- Compliance certifications
- Data processing agreements
- Security and privacy policies
Related Information
- Security Overview - Complete security program
- Data Privacy - Privacy protection details
- Enterprise Features - Enterprise security features
- Legal Policies - Complete legal documentation
Our compliance program demonstrates our commitment to protecting your data according to the highest global standards. We continuously invest in compliance to earn and maintain your trust.