Policies: Compliance and certification
Internal policy review standards
Medallia reviews compliance with our information security policies, as well as with the privacy policy published on our website, on a quarterly basis. After each review, we provide a report to our executive board. Where applicable, we highlight known compliance gaps and plans for addressing those gaps in the future.
On an annual basis, the internal information security and privacy policy is reviewed for consistency and accuracy with our practices and obligations, and for compliance with any updated privacy regulations globally.
Open Web Application Security Project (OWASP)
We follow OWASP security guidelines and implement controls addressing the OWASP Top 10. We are continuously improving compliance in our policies to harden our web application security.
Payment Card Industry Data Security Standard (PCI)
Because Medallia does not accept, process, or store credit card data, the PCI DSS standard does not currently apply to our software.
General Data Protection Regulation (GDPR)
Medallia is GDPR compliant. This includes internal procedures to comply with data subject access requests, with a 20-day SLA to help our clients address their own customers' requests.
Download the full policies document in the Information and Security article.
