Trust Center

Tiny Mammoth

Tiny Mammoth is a software-as-a-service company specializing in marketing management for businesses across various industries. Although many of its clients are based in the United States, the company’s services are available worldwide, adhering to global security and compliance standards at the highest level.

All information presented in this Trust Center is provided under the conditions outlined in the Terms of Service.
security-compliance@tiny-mammoth.com
Privacy Policy
Overview
Resources
Controls
FAQ

Controls

Infrastructure securityOrganizational securityProduct securityInternal security proceduresData and privacy

Infrastructure security

View all
Control
Status
Unique production database authentication enforced

The company restricts privileged access to encryption keys to authorized users with a business need.The company requires authentication to production datastores to use authorized secure authentication mechanisms, such as unique SSH key.

Encryption key access restricted

The company restricts privileged access to encryption keys to authorized users with a business need.

Unique account authentication enforced

The company requires authentication to systems and applications to use unique username and password or authorized Secure Socket Shell (SSH) keys.

Production application access restricted

System access restricted to authorized access only

Access control procedures established

The company's access control policy documents the requirements for the following access control functions:

  • adding new users;
  • modifying users; and/or
  • removing an existing user's access.
Production database access restricted

The company restricts privileged access to databases to authorized users with a business need.

Production OS access restricted

The company restricts privileged access to the operating system to authorized users with a business need.

Production network access restricted

The company restricts privileged access to the production network to authorized users with a business need.

Access revoked upon termination

The company completes termination checklists to ensure that access is revoked for terminated employees within SLAs.

Unique network system authentication enforced

The company requires authentication to the "production network" to use unique usernames and passwords or authorized Secure Socket Shell (SSH) keys.

Remote access MFA enforced

The company's production systems can only be remotely accessed by authorized employees possessing a valid multi-factor authentication (MFA) method.

Intrusion detection system utilized

The company uses an intrusion detection system to provide continuous monitoring of the company's network and early detection of potential security breaches.

Access revoked upon termination

The company completes termination checklists to ensure that access is revoked for terminated employees within SLAs.

Organizational security

View all
Control
Status
Encryption key access restricted

The company restricts privileged access to encryption keys to authorized users with a business need.

Unique account authentication enforced

The company requires authentication to systems and applications to use unique username and password or authorized Secure Socket Shell (SSH) keys.

Production application access restricted

System access restricted to authorized access only

Access control procedures established

The company's access control policy documents the requirements for the following access control functions:

  • adding new users;
  • modifying users; and/or
  • removing an existing user's access.
Access revoked upon termination

The company completes termination checklists to ensure that access is revoked for terminated employees within SLAs.

Unique network system authentication enforced

The company requires authentication to the "production network" to use unique usernames and passwords or authorized Secure Socket Shell (SSH) keys.

Product security

View all
Control
Status
Encryption key access restricted

The company restricts privileged access to encryption keys to authorized users with a business need.

Unique account authentication enforced

The company requires authentication to systems and applications to use unique username and password or authorized Secure Socket Shell (SSH) keys.

Production application access restricted

System access restricted to authorized access only

Access control procedures established

The company's access control policy documents the requirements for the following access control functions:

  • adding new users;
  • modifying users; and/or
  • removing an existing user's access.
Access revoked upon termination

The company completes termination checklists to ensure that access is revoked for terminated employees within SLAs.

Unique network system authentication enforced

The company requires authentication to the "production network" to use unique usernames and passwords or authorized Secure Socket Shell (SSH) keys.

Internal security procedures

View all
Control
Status
Encryption key access restricted

The company restricts privileged access to encryption keys to authorized users with a business need.

Unique account authentication enforced

The company requires authentication to systems and applications to use unique username and password or authorized Secure Socket Shell (SSH) keys.

Production application access restricted

System access restricted to authorized access only

Access control procedures established

The company's access control policy documents the requirements for the following access control functions:

  • adding new users;
  • modifying users; and/or
  • removing an existing user's access.
Access revoked upon termination

The company completes termination checklists to ensure that access is revoked for terminated employees within SLAs.

Unique network system authentication enforced

The company requires authentication to the "production network" to use unique usernames and passwords or authorized Secure Socket Shell (SSH) keys.

Data and privacy

View all
Control
Status
Encryption key access restricted

The company restricts privileged access to encryption keys to authorized users with a business need.

Unique account authentication enforced

The company requires authentication to systems and applications to use unique username and password or authorized Secure Socket Shell (SSH) keys.

Production application access restricted

System access restricted to authorized access only

Access control procedures established

The company's access control policy documents the requirements for the following access control functions:

  • adding new users;
  • modifying users; and/or
  • removing an existing user's access.
Access revoked upon termination

The company completes termination checklists to ensure that access is revoked for terminated employees within SLAs.

Unique network system authentication enforced

The company requires authentication to the "production network" to use unique usernames and passwords or authorized Secure Socket Shell (SSH) keys.

Top