Compliance and Certification

Medallia reviews compliance with the Medallia Information Security policies, as well as with the Privacy Policy published on our website, on a quarterly basis. After each review, we provide a report to our executive board. Where applicable, we highlight known compliance gaps and our plans for addressing them.

On an annual basis, the internal information security and privacy policy is reviewed for consistency and accuracy with our practices and obligations, and for compliance with any updated privacy regulations globally.

Description of current compliance with existing standards:

OWASP

We follow OWASP security guidelines and address the OWASP Top 10. We are continuously improving compliance with our policies to further harden our web application security.

PCI Compliance

Because Medallia does not accept, process, or store credit card data, the PCI standard does not currently apply to our software.

GDPR Compliance

Medallia is GDPR compliant. This includes internal procedures to comply with data subject access requests, with a 20-day SLA to help our clients address their own customers' requests.

Download the full policies document in the Information and Security article.