How Mythos Protects Customer Data

Mythos takes data security seriously.

This page provides an overview of the processes that the Mythos team employs to protect data on the Mythos platform.

Please review the information on this page and if you have any questions or need to request any of the information described here, please submit the form at the bottom of this page.

Secure Software Development Life Cycle

The Mythos product team adheres to a secure Software Development Life Cycle (SDLC) when developing new features for the Mythos platform.

A Secure SDLC requires adding security testing at each software development stage, from design, to development, to deployment and beyond. Examples include designing applications to ensure that your architecture will be secure, as well as including security risk factors as part of the initial planning phase.

Software Security Certification

The Mythos software platform is penetration tested for vulnerabilities on an annual basis by A-LIGN Compliance and Security, Inc. A-LIGN is a technology-enabled security and compliance partner trusted by more than 2,500 global organizations to mitigate cybersecurity risks. A-LIGN follows a testing methodology that seeks to identify vulnerabilities and, through exploitation, determine the security impact.

All vulnerabilities that may be identified are immediately remedied by the Mythos team and re-tested by A-LIGN. A-LIGN then provides a Penetration Testing Report that describes any vulnerabilities discovered, the risk level of each, and whether or not Mythos has remedied the vulnerability.

A-LIGN’s penetration testing methodology is based upon the National Institute of Standards and Technology (NIST) SP 800-115 and Penetration Testing Execution Standard (PTES) frameworks and contains the following phases.

The A-LIGN report is available upon request by submitting the form below.

Data Privacy Certification

Mythos is audited on an annual basis by TrustArc, Inc. TrustArc has decades of expertise and leadership in building and maturing comprehensive privacy programs and enabling continuous compliance, information governance and data security alongside the changing privacy landscape, for more than 1,500 companies across the globe.

Mythos has been awarded the TrustArc TRUSTe Enterprise Privacy Certification. The TRUSTe Enterprise Privacy Certification Standards align with the standards set forth in the TrustArc Privacy & Data Governance Framework enables organizations to design and engineer adequate privacy controls into organizational processes, products, and technologies.

The TrustArc Framework Standards are built upon recognized laws and regulatory standards, such as

  • The OECD Privacy Guidelines
  • The APEC Privacy Framework
  • The EU General Data Protection Regulation (GDPR)
  • The U.S. Health Insurance Portability and Accountability Act (HIPAA)
  • ISO 27001 and,
  • Other global privacy laws and regulations

The Mythos TRUSTe certification is available upon request by submitting the form below.

Mythos Security Questionnaire

Mythos provides responses to common security questions through our standardized Mythos Security Questionnaire. This document consolidates most of the questions that we have received while participating with many of our customers over the years.

If you are responsible for reviewing the Mythos security posture, this document is the best resource for you to use to asses that posture. Please submit the form below to request the file.

Request More Information