automotiveMastermind is proud to have achieved (System and Organization Control) SOC 2 Type II attestation based on Security, Availability, Processing Integrity, Confidentiality and Privacy criteria. The SOC 2 Type II audit is performed by an independent third-party and tests controls against Trust Services Criteria (TSC) as defined by the American Institute of Certified Public Accountants (AICPA). The examination was performed by Schellman & Company, LLC and a report with no exceptions was issued.

automotivemastermind is also proud to be ISO 27001 certified which can be verified directly via Schellman Compliance, LLC here.

Organization Name: automotiveMastermind, Inc.
Certificate Number: 1851382-5

GLBA (Gramm-Leach-Bliley Act) and FTC Safeguards compliance requirements are inclusive within the annual SOC 2 Type 2 and ISO 27001 controls.

Mastermind commits to undergo the SOC 2 Type II and ISO 27001 examination on an annual basis to ensure security controls continue to be independently evaluated.

Data Security Practices

Mastermind and its customer’s data is hosted in a Multi-Cloud Environment (Google Cloud and Microsoft Azure). Multi-layered security provided by PaaS solutions across all Data Centers, Infrastructure, and Operations ensures constant threat protection.

All data transferred within Mastermind is located within secure cloud environments. Data is encrypted in transit and at rest which ensures all customer data is secure. Mastermind utilizes role-based permissions controls within all environments. automotiveMastermind adheres to PII (Personally Identifiable Information) laws and limits the scope of employee access, following the principle of least privilege.

Policies and Procedures

When disposing of any asset, sensitive data is removed prior to disposal. Based on industry standards, data destruction protocols are used for proper erasure according to type. Minimally, data will be removed using low level formatting and degaussing techniques.

All internal systems are protected through strict security policies including multi-factor authentication and condition-based access requirements.