Like Lock and Key: Mendix and Security Just Fit

• ISO/IEC 27017 certification for information security controls for cloud services
• ISO/IEC 27018 certification for protection of personally identifiable information in the cloud
• Health Insurance Portability and Accountability Act (HIPAA) security framework validation
• PCI—Payment Card Industry Data Security Standard Level 1 certification
• Cyber Essentials Certification

Rest Make assured

In the world of security, you always need to stay on top of your game. At Mendix, we continuously assess our security measures ourselves and through third-party validation. It’s important; otherwise, customers like Mercury Systems wouldn’t be able to use Mendix to make accessible, mission-critical technologies for the aerospace and defense industries.

Mercury Systems uses Mendix to unify disparate systems because of Mendix’s strict, cloud native architecture and governance features. Mendix allows them to create a seamless deployment pipeline that includes vulnerability assessments, compliance, and penetration testing.

With that security in place, the makers at Mercury Systems can build technologies with the Mendix Platform, assured that their and their customers’ data are safe.

Flexibility and security

Cloud deployment offers many benefits: cost savings, flexibility, and mobile access to information. With cloud deployment, however, also comes risks around data protection and privacy, especially around personally identifiable information.

We recognize the immense benefits and costly risks that come with deploying to the cloud. Which is why we are certified in and strictly adhere to the standards set forth in ISO/IEC 27017 and 27018. You can build and deploy to the cloud of your choice confident in the fact that your data is safeguarded. As a Mendix Cloud customer, you inherit all security controls implemented by Mendix which makes developing and deploying secure applications using Mendix much easier and more cost beneficial.

Secure healthcare solutions

The COVID-19 pandemic has fast-tracked the need for virtual and remote healthcare solutions around the world. Patients need mobile applications that give them the ability to schedule and contact their medical providers and provide easy access to their personal health data. Pharmaceutical and bio-engineering organizations need to rapidly develop COVID test-tracking and contact tracing applications. It has to be done quickly and safely.

HIPAA governs the security and privacy of patient healthcare information in the United States. Drummond Group, an independent third-party HIPAA compliance assessor, performed its comprehensive HIPAA gap assessment to evaluate the Mendix Platform’s compliance with the HIPAA security rule regarding the confidentiality, integrity, and availability of protected health information.

Mendix passed the evaluation without a single gap identified.

This HIPAA validation gives those in the US building healthcare solutions the peace of mind they need when developing with the Mendix Platform because it now provides a compliant foundation upon which to build.

Take Kermit PPI, a US-based medical device spend management company that delivered a cloud-based software solution that adheres to HIPAA’s patient information security rules. The issue Kermit saw in hospitals was that when it came to the billing and invoicing of implantable medical devices in operating rooms across the US, hospitals’ tracking systems were broken. Hospitals had little to no visibility in spend. Using the Mendix Platform, Kermit was able to digitize and course-correct that workflow of tracking the surgical billing. Kermit’s solution helps adjudicate invoices that come with that transaction.

Kermit co-founder and CEO Rich Palarea, talks about the HIPAA-compliant solution his company built on Mendix: “[By] housing the hospital’s negotiated prices–in the form of a pricing file and contract–we can tell the hospital, literally in real-time, what’s OK to pay and what isn’t.”

A secure way to pay

COVID-19 has disrupted the retail and hospitality industries severly. Restaurants, bars, and shops have relied on a business model that encourages customers to stay a while, have another drink, and wander.

Social distance practices have pushed businesses to rely on curbside pickup, online-only payment transactions, and contactless delivery. To stay in business, enterprises both small and large have had to rapidly develop solutions that allow for online-only payment transactions. PCI DSS compliance allows Mendix-built applications that are running in the Mendix Cloud to process credit card data securely, a customer just has to develop the application and apply their own business rules to protect the cardholder’s data.

Now, businesses can use Mendix to quickly build applications that store, process, and transmit cardholder data. The Mendix Cloud and processes have been vetted by a QSA (PCI Qualified Security Assessor).

More security measures

We are also happy to announce our Cyber Essentials certification. For those in the UK, Cyber Essentials certification is mandatory for all organizations wishing to bid on central government and MOD contracts that deal with personal information.

Our number one priority

Our CTO, Johan den Haan, stated last year in his Mendix World: Version 2.0 keynote that security has always been Mendix’s top priority. You trust us with your data and processes. With these certifications, we’ve set up the Mendix Platform to be truly enterprise-ready, even for sensitive financial and healthcare use cases.

Because when it comes to user experience, we want to make sure that you can build what you and your customers need, you can trust that it’s going to work and work safely.