SOC 2 Compliance

Mabel has achieved SOC 2 compliance and utilizes enterprise-grade best practices to protect our customers’ data.

We are excited to announce that Mabel has successfully completed a System and Organization Controls (SOC) 2 Type II audit, performed by Sensiba. Developed by the American Institute of Certified Public Accountants (AICPA), the SOC 2 information security standard is an audit report on the examination of controls relevant to the trust services criteria categories covering security, availability, confidentiality, processing integrity, and privacy. A SOC 2 Type II report describes a service organization's systems and whether the controls they have in place to satisfy the SOC criteria are operating effectively over an agreed upon observation period. Mabel’s SOC 2 Type II report had Security in scope, and did not have any noted exceptions and therefore was issued with a “clean” audit opinion from Sensiba.

Continuous Security Control Monitoring

Mabel uses Drata’s compliance automation platform to continuously monitor 100+ internal security controls across the organization against the highest possible standards. Automated alerts and evidence collection allows Mabel to confidently prove its security and compliance posture, while fostering a security-first mindset and culture of compliance across the organization.

Employee Trainings

Security is a company-wide endeavor. All employees complete an annual security training program and employ best practices when handling customer data.

Penetration Tests

Mabel works with industry leading security firms to perform annual network and application layer penetration tests.

Secure Software Development

Mabel utilizes a variety of manual and automatic data security and vulnerability checks throughout the software development lifecycle.

Data Encryption

Data is encrypted both in-transit using TLS and at rest.

Vulnerability Disclosure Program

If you believe you’ve discovered a bug in Mabel security, please get in touch. Our security team promptly investigates all reported issues. Customers and prospects who are interested in discussing our commitment to security and reviewing our HIPAA compliance reports can contact privacy@getmabel.com.