Mendix Raises the Low-Code Bar Again With New, Gold-Standard Certifications for Healthcare Data and Payment Processing

New ISO/IEC certifications assure that Mendix meets the highest global cloud security and privacy standards

HIPAA validation assures compliance with strict U.S. privacy standards for personal health information

Recent PCI–Payment Card Industry Data Security Standard Level 1 certification is the highest level of security for processing credit card transactions

Mendix cements position as industry’s true enterprise-grade low-code app development platform, even for sensitive financial and healthcare use cases

VIRTUAL GLOBAL EVENT – MENDIX WORLD – SEPTEMBER 3, 2020 – Mendix, a Siemens business and global leader in low-code application development for the enterprise, today announced that it has received two key cloud security and privacy certifications: ISO/IEC 27017 for information security controls for cloud services and ISO/IEC 27018 for protection of personally identifiable information in the cloud. Additionally, an independent third-party assessor, Drummond Group, has validated Mendix’s compliance with the HIPAA requirements, the regulation created to implement the Health Insurance Portability and Accountability Act, which governs the security and privacy of patient health care information in the United States.

Together, these certifications and validation, along with a series of other credentials it previously earned, put Mendix ahead of every other low-code platform for security and healthcare privacy. Organizations of every description — from health care, to finance and insurance, to virtually any enterprise that leverages the cloud and requires the highest levels of security and privacy — can confidently use the Mendix low-code platform to build their digital solutions.

The HIPAA validation is particularly timely in light of the Covid-19 pandemic, which has fast-tracked the need for virtual and remote healthcare solutions around the globe. Patients need mobile applications that give them the ability to schedule visits or connect directly with their medical providers, as well as easy access to their personal health data and medications. And Covid test tracking and contact tracing applications are proliferating throughout the U.S. and the world.

Drummond Group, a recognized leader in healthcare and HIPAA compliance, performed its comprehensive HIPAA Gap Assessment to evaluate Mendix’s compliance with the HIPAA requirements regarding the confidentiality, integrity, availability, and privacy of protected health information. The assessment scrutinizes a broad range of safeguards, processes, policies and documentation. Mendix passed the evaluation without a single gap being identified.

“The HIPAA Gap Assessment with Mendix was conducted using the proven Drummond methodology, and through that we were able to verify the essential controls required for HIPAA compliance are in place,” said Justin Graham, Drummond HIPAA certification expert. “We know how important it is for Mendix to be HIPAA compliant for their customers to reduce their risk and have confidence that Mendix is carefully safeguarding protected patient health information.”

Mendix enables the healthcare industry and healthcare providers to provide safe, secure, and innovative solutions that address patient and provider needs, while maintaining strict privacy controls in compliance with HIPAA protocols.

“Anytime you’re dealing with a healthcare environment, particularly hospitals, security and privacy are paramount concerns,” says Richard D. Palarea, CEO & co-founder of Kermit, a company that helps hospitals manage and dramatically reduce costs for “physician preference items” or PPI, using a solution it built on the Mendix platform. “While our work doesn’t touch patients directly, you can’t overestimate the value of verified HIPAA compliance to a hospital executive. It’s a credential that adds to our credibility. The fact that Mendix has third-party HIPAA validation is an important plus for us and our clients.”

Secure processing of credit card data and protection of personally identifiable information are two additional security requirements that have become paramount as businesses pivoted to curbside pickup, online-only transactions, and other socially distanced practices during the pandemic. Late last year, the Mendix platform became PCI–Payment Card Industry Data Security Standard Level 1 certified, the highest level of certification for processing credit card transactions. Enterprises can use Mendix to create applications that involve storing, processing or transmitting cardholder data or other sensitive authentication data, knowing that the Mendix cloud and processes have been vetted by a PCI Qualified Security Assessor.

“Make no mistake about it — we take the security and compliance of our customers’ applications and data in the cloud with the utmost seriousness,” said Frank Baalbergen, chief information security officer at Mendix. “Certainly, no other low-code platform, and few platforms of any type, can match the level of third-party certification and validation that Mendix has earned. Transactions are moving online at an ever-increasing pace. It is imperative that businesses and consumers know that their information, especially sensitive healthcare and financial data, are safe. Mendix will always go the extra mile to make it so.”

The International Organization for Standardization and International Electrotechnical Commission are independent, international standards organizations, both based in Geneva, Switzerland. ISO and IEC are recognized around the globe as the de facto standard for publishing standards in any market. HIPAA is the Health Insurance Portability and Accountability Act of 1996; together with the mandated regulations from the U.S. Department of Health and Human Services, it establishes national security and privacy standards for the handling of sensitive health care patient data.

Find more information about HIPAA, ISO certification, and a complete overview of Mendix security organization and compliance here.

Click here to access content free of charge from Mendix World, the world’s largest virtual low-code conference, featuring more than 60 sessions, including more than 20 by customers, and covering the gamut of low-code application development topics from strategy to practical, hands-on platform training.


In a pandemic-disrupted world, software is the new lifeblood of our daily lives and the connective tissue holding together the global economy. However, traditional software development takes far too long and very often fails to deliver the results business needs and users love. Even prior to COVID-19 there were simply not enough professional software developers in the world to build all the software currently required. The global pandemic has accelerated and exacerbated what was already a software and business crisis. Enter low-code software development. Low-code from Mendix is a powerful enterprise-grade visual development approach empowering citizen and professional developers to make cloud-native applications more than 10X faster for web and mobile using drag-and-drop components and model-driven logic – all through an intuitive graphical user interface.

Learn more about the Mendix Platform and Pricing and Availability.

About Mendix

Mendix, a Siemens business and the global leader in enterprise low-code, is fundamentally reinventing the way applications are built in the digital enterprise. With the Mendix platform, enterprises can ‘Make with More,’ by broadening an enterprise’s development capability to conquer the software development bottleneck; ‘Make it Smart,’ by making apps with rich native experiences that are intelligent, proactive, and contextual; and ‘Make at Scale,’ to modernize core systems and build large app portfolios to keep pace with business growth. The Mendix platform is built to promote intense collaboration between business and IT teams and dramatically accelerate application development cycles, while maintaining the highest standards of security, quality, and governance — in short, to help enterprises confidently leap into their digital futures. Mendix’s ‘Go Make It’ platform has been adopted by more than 4,000 leading companies around the world.