At Mento and as a Mento coach, we have the privilege of working closely with companies through their HR and leadership teams as well as directly with their employees to help individuals and organizations feel and perform their best. This means that we’re privy to sensitive customer and individual data. As a coach, you follow ICF’s Code of Ethics. As an organization, we are seeking SOC 2 Type 2 Compliance (expected March 2025), which is a cybersecurity framework and reporting system that helps organizations demonstrate their ability to securely store and process client data. SOC 2 Compliance is verified by a third party auditor annually. As a coach who works directly with clients and therefore has access to customer data, we need your help to keep our customer data secure!
Here’s what we need from you:
- Complete a short 10 minute security checklist in Vanta HERE
- Be sure to check out the information security policy for best practices
- Use a unique, strong passwords for your Google Workspace Account and set-up 2FA
- Be a steward of the Mento Community, and report any potential security incidents (digital attacks, lost or stolen devices that store Mento customer data, or any other violations) in #security-reporting channel in slack.
- If you need to report any potential violates anonymously, you can submit via our whistleblower channel here
Other Best Practices To Consider
- VPN: It is a best security practice to use a VPN. You will be shared an invite to our organizational account.
- Passwords: Use unique and secure passwords. Best practices for passwords are outlined in the information security policy. The best and easiest way to ensure password security is to use a password generator and manager. 1password is a great option, or if you are heavy Google user (Workspace, Chrome, etc) than we highly recommend using Google’s password manager (passwords.google.com).
- Device Encryption: If you handle customer data and/or production systems, you need to turn on device encryption. For MacOS and iOS, it’s typically turned on — but be sure to double-check but following the instructions below. If you have an Android, PC, or another operating system, please be sure to follow the relevant instructions.
- Mobile: If you use your personal mobile device to access company and customer information, be sure to add a passcode (it’s required for device encryption) and also automatic lock.