Cloud banking platform
Security & compliance
The Mambu platform lives up to state-of-the-art security standards, as verified and assured by an external certification body.
Here's how we do it
External pentests
We perform continuous internal security tests. These tests are further backed by external penetration tests from security researchers – multiple times per year. Penetration tests cover network security aspects as well as common web application vulnerabilities as referenced in the OWASP Top 10.
Openness & transparency
Our APIs and data dictionary are publicly available. Furthermore, customers can automate backup retrieval at any time. If you’re interested in detailed security assurance and compliance information, please contact us.
Data security
We apply principles like security-in-depth, need-to-know and least-privilege to reduce the risk of security incidents caused by internal or external threats using different preventive, detective and mitigative controls.
Incident response
In the case of a security incident, we’re prepared with incident response plans and 24/7 on-call staff to react promptly and appropriately.
Infrastructure & regulation
Security features
Data protection & privacy compliance
At Mambu, we value your trust and we are dedicated to ensuring the protection of the personal data you entrust us with.
Isolation & control
Our customers can choose to have a dedicated Mambu deployment that is not shared with other Mambu customers, giving them further control over the environment and increasing the isolation.
Open banking platform
The Mambu platform provides APIs to implement the PSD2 regulation, allowing financial institutions to give third-party vendors access to end-customer data.
Complete audit rights
We always ensure our customers and regulators can execute their supervisory function and have effective audit rights to Mambu’s business premises, processes and supply chain.
SLAs & business continuity
We offer SLAs for uptime and resolution times on customer inquiries. Our disaster recovery procedures and business continuity plans are regularly tested. Our SaaS solution is cloud-agnostic and has no vendor lock-in.
Built-in security
Security is embedded in all stages of the software development lifecycle (SDLC) at Mambu – from requirements engineering, programming and QA to deployment, monitoring, alerting and incident management.
Customer control
Our contractual commitments as outlined in Mambu’s data protection affirm our customers’ control of the personal data processed by Mambu. We assist our customers in their data protection compliance and provide transparency on our sub-processors, data processing locations and cross-border data transfer mechanisms.
Global data protection programme
Mambu’s global data protection programme underpins our data protection commitments across the organisation, aligning Mambu’s data processing practices with applicable data protection regulations such as the GDPR.
Data protection team
Mambu has a dedicated data protection team and has appointed a data protection officer responsible for overseeing Mambu’s compliance with the applicable data protection regulations and the data protection commitments to its customers.
SECURITY AT MAMBU
Vulnerability Disclosure Program
Our vulnerability disclosure program provides detailed information on how to submit a report about security and vulnerability issues. We kindly ask you to not publicly disclose any security issue until it has been addressed by our team.