Mercer | Mettl Offers Impeccable Data Security Standards
Over six thousand companies in more than 90 countries use Mercer | Mettl's software, services and support to transform the way they hire, reskill and assess test-takers.
Our products and services are empowering our clients with world-class assessments. However, providing a safe and trustworthy data storage environment is the key to our success.
Click Here for more information on Mercer | Mettl's GDPR Compliance and answers to frequently asked questions.
Mercer | Mettl is assessed by TUV, a certifying body, every year as part of the surveillance program.
ISO 9001 is the world's most recognized Quality Management System (QMS) standard.
Our data is hosted on Amazon Web Services, one of the most secure cloud computing environments available on the market.
We have localized data storage in Europe | China | India
Critical data exchanged between test-takers and Mercer | Mettl over the network is encrypted at the column level in RDS. This mechanism provides added security to sensitive data such as question text, ensuring that it cannot be read by human eyes to safeguard against any breach.
Databases, where personal information, exam records and other sensitive details of candidates and clients are gathered, are stored in an uncompromisable maximum security storage environment.
The most critical data, such as a question set, is also encrypted in a way that Mercer | Mettl employees managing the assessment cannot view it. Only an authorized admin can view it.
We are RFC 6238 compliant. Multi-factor authentication ensures that only an authorized person is logging into the account. It acts as an additional layer of security to the login mechanism. The username and password are prompted for logging in as the primary layer. We ensure multi-factor authentication of test-takers through:
Email authentication
Mobile authentication through OTP
ID card authentication
Mercer | Mettl has established guidelines on who can view and access the various system resources.
The right to access the data is allocated following the 'least privilege' rule.
Data access rights are authorized and reviewed to maintain integrity and confidentiality.
The implemented authentication mechanism is in line with the best available security standards.
Mercer | Mettl Is Certified in ISO27001:2013. ISO9001:2015, MS-DPR, GDPR, CCPA (California Consumer Privacy Act) Compliance
Mettl Has adopted Top-Notch Data Security and Virus Protection Standards Practiced by Mercer and Marsh McLennan (MMC Group)
VAPT and Patch Management System
IT Systems Security
Mercer | Mettl performs an internal audit for all departments once every six months
We achieved a VAPT report with the closure of 'critical,' 'high,' and 'medium' vulnerabilities.
We successfully closed 'critical,' 'high,' and 'low' category vulnerabilities diagnosed for the external network test report for AWS setup.
Application-level changes are planned in phases with secure versions to avoid any threats in the future.
All 'critical' and 'high' category vulnerabilities were closed by implementing the Patch Management Policy.
We follow NIST to secure the devices and Mercer | Mettl set up to ensure security according to the latest threats.
Contact Our Experts to Know More