Corporate IT Security

Workstation Security

All Medallia workstations and laptops run on Apple Mac OS™ and have been hardened according to industry best practices. Medallia’s systems administrators set security policies on all Medallia workstations, including password complexity requirements, session management, firewall and encryption settings.

Security controls on workstations include, but are not limited to:

  • Anti-Malware

  • Active firewalls

  • Whole-disk encryption

  • Inactivity timeouts with password

  • Disabling of unused features and services

  • Disabling of sharing

  • Permission settings for folders and files

  • IT asset tracking

Confidentiality

Medallia maintains strict policies and procedures for classifying and securing client data. Our data classification policy defines these classifications and associated handling requirements, including labeling, encryption, transmission, data transfer, processing, security safeguards, and deletion. Personnel are prohibited from copying or storing client data onto removable media or mobile devices. Medallia also enforces a clear desk/clear screen policy.

Medallia has instituted policies and procedures for the acceptable use of electronic resources. These policies cover confidentiality and security of email messages, prohibit the use of illegal software, and provide guidance on the acceptable use of social media and other public communications media.

Wireless Networks and Non-Company Devices

Medallia’s business offices use two wireless networks: a WPA2-Enterprise secure network for company-issued devices and a guest network for non-company-issued devices. The networks are separated by a firewall. Employees and contractors are prohibited from connecting their personal devices to Medallia’s secure networks or storing client data on mobile devices.

Employees accessing Medallia’s networks remotely must connect through a VPN (an encrypted tunnel) with 2-factor authentication. Engineering staff must also use Secure Shell (SSH) with public/private keys (PKI), in addition to the VPN, to reach our data centers.