Trust Center

Start your security review
View & download sensitive information
Search items

Overview

The integrity and confidentiality of your information are fundamental priorities for Matillion, We are committed to transparent practices that uphold the highest levels of security, allowing you to trust the full range of solutions we provide, now and in the future.

To continually enhance our security posture, Matillion performs ongoing evaluations of potential risks across all aspects of our organization, from internal operations to our diverse portfolio of products and services. We understand that the landscape of security is ever-changing and accept that no product, person, or process is ever complete, as such, we are committed to ongoing improvements and innovations while demanding quality within our security program.

An independent third-party auditor has rigorously evaluated our comprehensive security program against industry-leading standards, confirming our adherence to SOC2 Type II requirements.

Compliance

CCPA Logo
CCPA
CSA STAR Logo
CSA STAR
GDPR Logo
GDPR
HIPAA Logo
HIPAA
ISO 27001 Logo
ISO 27001
PCI DSS Logo
PCI DSS
SOC 2 Logo
SOC 2
Start your security review
View & download sensitive information

Matillion is reviewed and trusted by

Slack-company-logoSlack
DocuSign-company-logoDocuSign
Cisco-company-logoCisco
Amazon-company-logoAmazon
Accenture-company-logoAccenture
TUI-company-logoTUI
Autodesk-company-logoAutodesk
Network Diagram
Pentest Report
Security Whitepaper
SOC 2 Type 2 Bridge Letter
ISO 27001
PCI DSS
SOC 2
CAIQ
SIG
Cyber Insurance
BC/DR
Penetration Testing
Acceptable Use Policy
Access Control Policy
Asset Management Policy
Backup Policy
Business Continuity Policy
BYOD Policy
Data Classification Policy
Data Security Policy
Encryption Policy
General Incident Response Policy
Information Security Policy
Network Security Policy
Other Policies
Password Policy
Physical Security
Risk Management Policy
Software Development Lifecycle
Vulnerability Management Policy

Risk Profile

Data Access LevelInternal
Impact LevelModerate
Recovery Time Objective24 hours
View more

Product Security

Audit Logging
Multi-Factor Authentication
Role-Based Access Control
View more

Reports

Network Diagram
Pentest Report
Security Whitepaper
View more

Self-Assessments

CAIQ
SIG

Data Security

Access Monitoring
Backups Enabled
Data Erasure
View more

App Security

Responsible Disclosure
Code Analysis
Software Development Lifecycle
View more

Data Privacy

Privacy of customer data is top of mind. We follow industry best practices and follow all applicable privacy regulations.

Access Control

Data Access
Logging
Password Security

Infrastructure

Amazon Web Services
Anti-DDoS
View more

Endpoint Security

Disk Encryption
DNS Filtering
Endpoint Detection & Response
View more

Network Security

Data Loss Prevention
DNSSEC
Firewall
View more

Corporate Security

Email Protection
Employee Training
HR Security
View more

Security Grades

Qualys SSL Labs
www.matillion.com

Trust Center Updates

(Non Security) Critical Advisory - METL Update Required

GeneralCopy link

(Non Security) Critical Advisory: Mandatory update required to address Matillion ETL Licence Management Defect - Please go here for more details: https://docs.matillion.com/metl/docs/critical-advisory-licence-management-defect/

Published at N/A

libwebp image framework (CVE-2023-4863)

VulnerabilitiesCopy link

Matillion's security team is aware of and responding to the announcement of a critical vulnerability in the libwebp image framework (CVE-2023-4863).

We are prioritising the rollout of security patches and the implementation of appropriate mitigation strategies to reduce the risk to our internal applications and environments.

Matillion ETL: We can confirm that the vulnerable libwebp package is present in our Matillion ETL AMI, however it is not utilised by Matillion ETL and as such we assess the risk to be low. We would recommend customers to apply the patch as soon as it is available from the vendor(s). Example: https://access.redhat.com/errata/RHSA-2023:5309

Data Productivity Cloud: Data Productivity Cloud does not to have libwebp package and as such is not considered vulnerable.

Please reach out to support if you require any assistance

Published at N/A*

MOVEit Transfer and MOVEit Cloud Vulnerabilities

VulnerabilitiesCopy link

On May 31 and June 9, 2023, Progress Software announced the discovery of two critical vulnerabilities (CVE-2023-34362 and CVE-2023-35036) that could lead to escalated privileges and unauthorized access to their MOVEit file transfer product and environment.

On June 16, an additional critical vulnerability related to this issue, CVE-2023-35708, was announced.

Following our vulnerability response process, including a review of all environments, Matillion does not use MOVEit Transfer and MOVEit Cloud products and has no evidence at this time of any impact to customer data due to these vulnerabilities.

Published at N/A

User Awareness, Fraudulent site in Matillion's name.

GeneralCopy link

Matillion has been made aware of similar domains that claim to be operated by Matillion, these include matillion-okta.com and matillion-pro.com.

Abuse claims have been raised and as of today, all sites are now down. We will continue to keep our customers updated incase of any new developments.

Kind Regards,

Published at N/A

Matillion has been made aware of a recent fraudulent website (http://uk-matillion.com) that claims to be running a promotional program in an attempt to get victims to deposit money through the site.

Matillion is working to ensure that this site is taken down, however it felt important to make all customers aware of the situation.

Kind Regards,

Published at N/A*

Matillion's Response to the 2022 OpenSSL 3 Vulnerabilities

IncidentsCopy link

Matillion is aware of the current discussions around the OpenSSL 3.0.7 vulnerabilities. At present we do not use the library within our default images and therefore Matillion products and services are not exposed to this vulnerability. We have also found no instances of the vulnerable version within our estate but we are continuing to investigate and gain assurance. Should we determine any exposure, then the remediation of this vulnerability will be completed in line with our Vulnerability & Patch Management process. We are also assessing if there has been any exposure within our third party supply chain, but so far have found no impacted services.

Published at N/A

Welcome to the Matillion Security Trust Center

GeneralCopy link

As an organisation that is security conscious and values security, we are excited to announce the official launch of the Matillion Security Trust Center. By using this portal, you can request access to our compliance documents, review our standardized questionnaires such as the SIG and gain a general understanding of our security posture.

Over time, our team will be making changes to this portal as we implement new tools and processes in our environment. You can use the Subscribe button to receive email notifications for when our team has an important update, such as if we have an updated compliance report or if we have a status update regarding a major security vulnerability that has been recently discovered.

The Matillion Security Team

Published at N/A

If you think you may have discovered a vulnerability, please send us a note.

Powered bySafeBase Logo