Your Data Security Is Our Highest Priority
Over six thousand companies in more than 90 countries use Mercer | Mettl's software, services and support to transform the way they hire, reskill and assess test-takers.
Our products and services are empowering our clients with world-class assessments. However, providing a safe and trustworthy data storage environment is the key to our success.
Our Compliances
Mercer | Mettl Is ISO 27001:2013 Compliant
- We deploy AWS CloudWatch to monitor all events in AWS where our products are hosted.
- We possess all controls related to secure development, encryption and key management.
We Are Also ISO 9001 Compliant
- Mercer | Mettl has built a framework to ensure consistent quality of services.
- We have focused on robust improvements in the standard process approach.
ISO 9001 is the world's most recognized Quality Management System (QMS) standard.
Mercer | Mettl Is SOC 2 Type 2 Compliant
- Our policies and processes strictly adhere to SOC 2 Type 2 compliance standards.
- SOC 2 Type 2 certification requires a review of security controls based on the Trust Services Criteria (TSC) of the American Institute of Certified Public Accountants (AICPA), and we conduct regular, comprehensive reviews of our policies and processes to ensure ongoing adherence to the same.
Data Encryption
Data Encryption in Transit
Data exchanged over the network between test-takers and an invigilator is secured and encrypted via HTTPS (256-bit SSL encryption).
We enable TLS 1.2 to secure the transmission of HTTP calls.
Supported transmission encryption standards and tools include:
- Transport Layer Security (TLS) versions 1.2 and above.
Encryption choices align with data sensitivity assessments, contractual and regulatory obligations, and organizational security policies.
Data Encryption at Rest
We never barter or sell any information to outside partners
We do not use stored data for marketing interests
For endpoint access, we offer various authentication combinations to address any vulnerability
Authentication Features
Multi-Factor Authentication
We are RFC 6238 compliant. Multi-factor authentication ensures that only an authorized person is logging into the account. It acts as an additional layer of security to the login mechanism. The username and password prompt at login is the primary layer. We ensure multi-factor authentication of test-takers through:
- Email authentication
- Mobile authentication through OTP
- ID card authentication
Defined Access Rights
Mercer | Mettl has established guidelines on who can view and access the various system resources.
01. The right to access the data is allocated following the 'least privilege' rule.
02. Data access rights are authorized and reviewed to maintain integrity and confidentiality.
03. The implemented authentication mechanism is in line with the best available security standards.
External Auditors from Certifying Bodies, Such as EY, Cert-In Panelled, TUV and GTIS, Assess the Controls Every Year
Mercer | Mettl is certified in ISO 27001:2013 and ISO 9001:2015 and is GDPR compliant.
Testing Protocol
Penetration Testing
Mercer | Mettl engages with external parties for penetration testing annually.
We also undertake network penetration testing annually.
External partners are involved in delivering unbiased test reports and analyses annually.
Vulnerability Scanning
Mercer | Mettl conducts vulnerability assessments that are assisted by internal experts and external partners.
We undertake third-party network and application vulnerability tests annually.
Additionally, we run defined tools daily to discover any application vulnerability.
Malware Safety Protocols
Mettl Has Adopted Top-Notch Data Security and Virus Protection Standards Practiced by Mercer and Marsh McLennan (MMC Group)
Management System
VAPT and Patch Management System
We run best-in-class Vulnerability Assessment and Penetration Testing (VAPT) programs.
Our VAPT programs deal with Ransomware, Botnet and other related threats.
Security System
IT Systems Security
We have installed stringent data safety and antivirus software on all employee devices.
We run the most secure authentication processes on all our laptops and desktops.
Audit Reports
01. Web Application Penetration Testing
We achieved a VAPT report with the closure of 'critical,' 'high,' and 'medium' vulnerabilities.
02. Network Assessment and Penetration Testing
We successfully closed the 'critical,' 'high,' and 'low' category vulnerabilities identified in the external network test report for the AWS setup.
03. White Hat Application Scan
Application-level changes are planned in phases with secure versions to avoid any threats in the future.
04. Qualys
All 'critical' and 'high' category vulnerabilities were closed by implementing the Patch Management Policy.
05. NIST - Cyber Security
We follow NIST to secure our devices and the Mercer | Mettl setup so that security keeps pace with the latest threats.
We Value Your Trust and Always Ensure the Safety of Your Information
