This statement is issued to support MailGate, LLC and its affiliates’ (collectively, "MailGate”) Security Policy which defines the security framework at MailGate. It declares MailGate’s commitment to provide products and services that meet or exceed our external and internal customers' security requirements and to continually improve our efficiency and effectiveness in doing so.
Security at Mailgate is designed, operated, and controlled to continually assure that:
All security policies and procedures are documented as part of our Information Security Management System (ISMS) and Mailgate employees and contractors, acting on Mailgate’s behalf, are required to cooperate and support Mailgate’s pursuit of security and continual improvement and to adhere to the policies and procedures contained within the ISMS.
Mailgate is in constant examination of security tools and methodologies. Our SSDLC methodologies and processes include best practices adopted from Build Security-In Maturity Model (BSIMM) and OWASP Open Source Software Assurance Maturity Model (OpenSAMM). Mailgate’s SSDLC defines the secure development procedures and security gates to be reached by each Mailgate product before being released to customers. Our secure development controls include:
Mailgate R&D teams undergo continual training to reinforce security topics, using commercial training platforms and in-house developed classes and materials, including:
MailGate performs automatic security scans. Some customers conduct penetration testing externally and share the findings back with MailGate for review.
MailGate maintains GDPR compliance through a thorough set of policies and procedures which guide best practice behavior of our IT and consulting organizations, provides processes for risk assessment and risk management, and drives action plans to resolve issues in a timely manner.
If you’ve discovered a security vulnerability, we want to hear about it, please see our policy to disclose in a responsible manner.
To report a security finding, please email us at [email protected].
Mailgate requests that you don’t post or share any information about a potential vulnerability in any public setting until we have researched, responded to, and addressed the reported vulnerability. We’ll work with you to make sure we understand the scope of the issue and fully address any potential security issues.