Banner
Banner
Contact usLogin
online-assessment
online-assessment
online-assessment

Fortifying Client Information Security

Mercer | Mettl Offers Impeccable Data Security Standards

Compliances
Data Storage
Encryption
Authentication
Testing

Trusted By:

Trusted By Logo
Trusted By Logo
Trusted By Logo
Trusted By Logo
Trusted By Logo

Your Data Security Is Our Highest Priority

Over six thousand companies in more than 90 countries use Mercer | Mettl's software, services and support to transform the way they hire, reskill and assess test-takers.

Our products and services are empowering our clients with world-class assessments. However, providing a safe and trustworthy data storage environment is the key to our success.

Hero-Image

Our Compliances

GDPR-Complaint

Mercer | Mettl Is ISO 27001:2013 Compliant

  • We deploy AWS CloudWatch to monitor all events in AWS where our products are hosted.
  • We possess all controls related to secure development, encryption and key management.
  • The development of the products is in line with secure development standards mandated by various security organizations such as NIST and SANS.

Mercer | Mettl is assessed by TUV, a certifying body, every year as part of the surveillance program.

GDPR-Complaint

We Are Also ISO 9001 Compliant

  • Mercer | Mettl has built a framework to ensure consistent quality of services.
  • We have focused on robust improvements in the standard process approach.

ISO 9001 is the world's most recognized Quality Management System (QMS) standard.

GDPR-Complaint

Mercer | Mettl is SOC 2 Type 2 compliant

  • Our policies and processes strictly adhere to SOC 2 Type 2 compliance standards, encompassing the five total trust service principles (TSPs): security, availability, processing integrity, confidentiality, and privacy.
  • SOC 2 Type 2 certification requires a review of security controls based on the Trust Services Criteria (TSC) of the American Institute of Certified Public Accountants (AICPA), and we conduct regular, comprehensive reviews of our policies and processes to ensure ongoing adherence to the same.

Data Storage

Data Hosting on Aws

Data Hosting on AWS

Our data is hosted on Amazon Web Services, one of the most secure cloud computing environments available on the market.

Localized Servers.svg

Localized Servers

We have localized data storage in Europe | China | India

Data-Storage-Illustration

Data Encryption

Data Encryption in Transit

Critical data exchanged between test-takers and Mercer | Mettl over the network is encrypted at the column level in RDS. This mechanism provides added security to sensitive data such as question text, ensuring that it cannot be read by human eyes to safeguard against any breach.

  • Data exchanged over the network between test-takers and an invigilator is secured and encrypted via HTTPS (256-bit SSL encryption).

  • We enable a security protocol of TLS1.2 to support the secure transmission of HTTP calls.

Data Encryption at Rest

Databases, where personal information, exam records and other sensitive details of candidates and clients are gathered, are stored in an uncompromisable maximum security storage environment.

  • We never barter or sell any information to outside partners

  • We do not use stored data for marketing interests

  • For endpoint access, we offer various authentication combinations to address any vulnerability

The most critical data, such as a question set, is also encrypted in a way that Mercer | Mettl employees managing the assessment cannot view it. Only an authorized admin can view it.

Authentication Features

hero1

Multi-Factor Authentication

We are RFC 6238 compliant. Multi-factor authentication ensures that only an authorized person is logging into the account. It acts as an additional layer of security to the login mechanism. The username and password are prompted for logging in as the primary layer. We ensure multi-factor authentication of test-takers through:

Email-Authentication

Email authentication

Mobile-authentication-through-OTP

Mobile authentication through OTP

ID-card-authentication

ID card authentication

hero2

Defined Access Rights

Mercer | Mettl has established guidelines on who can view and access the various system resources.

01

The right to access the data is allocated following the 'least privilege' rule.

02

Data access rights are authorized and reviewed to maintain integrity and confidentiality.

03

The implemented authentication mechanism is in line with the best available security standards.

Left-Quote

External Auditors from Certifying Bodies, Such as EY, Cert-In Panelled, TUV and GTIS, Assess the Controls Every Year

Mercer | Mettl Is Certified in ISO27001:2013. ISO9001:2015, MS-DPR, GDPR, CCPA (California Consumer Privacy Act) Compliance

Right-Quote

Testing Protocol

Penetration Testing

  • Mercer | Mettl engages with external parties for penetration testing annually.

  • We also undertake network penetration testing annually.

  • External partners are involved in delivering unbiased test reports and analyses annually.

Vulnerability Scanning

  • Mercer | Mettl conducts vulnerability assessments that are assisted by internal experts and external partners.

  • We undertake third-party network and application vulnerability tests annually.

  • Additionally, we run defined tools daily to discover any application vulnerability.

Malware Safety Protocols

Mettl Has adopted Top-Notch Data Security and Virus Protection Standards Practiced by Mercer and Marsh McLennan (MMC Group)

Situational-Judgement-tests

Management System

VAPT and Patch Management System

  • We run best-in-class Vulnerability Assessment and Penetration Testing (VAPT) programs.

  • Our VAPT programs deal with Ransomware, Botnet and other related threats.

Situational-Judgement-tests

Security System

IT Systems Security

  • We have installed stringent data safety and antivirus software on all employee devices.

  • We run the most secure authentication processes on all our laptops and desktops.

Audit Reports

Mercer | Mettl performs an internal audit for all departments once every six months

01

Web Application Penetration Testing

We achieved a VAPT report with the closure of 'critical,' 'high,' and 'medium' vulnerabilities.

02

Network Assessment and Penetration Testing

We successfully closed 'critical,' 'high,' and 'low' category vulnerabilities diagnosed for the external network test report for AWS setup.

03

White Hat Application Scan

Application-level changes are planned in phases with secure versions to avoid any threats in the future.

04

Qualys

All 'critical' and 'high' category vulnerabilities were closed by implementing the Patch Management Policy.

05

NIST - Cyber Security

We follow NIST to secure the devices and Mercer | Mettl set up to ensure security according to the latest threats.

hero

We Value Your Trust and Always Ensure the Safety of Your Information

Contact Our Experts to Know More

Trusted by More Than 6000 Clients Worldwide


COMPANY
Partners
CALL US

INVITED FOR TEST?

TAKE TEST

ASPASP
ISO-27001ISO-9001TUV
NABCBAICPABPS

2023 Mercer LLC, All Rights Reserved

Terms of Services


Privacy Notice


Cookies


GDPR Compliance


Policy


Sub-Processor