Manhattan understands that compliance is crucial to success. Compliance improves performance, drives consistency, and reduces errors so our customers receive better solutions with more efficiency.

We build our security management and compliance programs based on industry standards from CIS, ISO27001, and NIST. Our security risk management framework establishes the mandate, commitment, guiding principles, and established roles and accountabilities for managing, monitoring and improving risk management practices within the organization.

We perform internal testing of key security and privacy controls to validate adherence to established frameworks. This includes third party security penetration testing on an annual basis. The results of those tests are communicated to executive management and remediation efforts are monitored. Controls are retested when appropriate to ensure security protection.

Security and privacy controls are audited yearly by an independent third party to verify that technology, processes, and procedures are in place and followed.

Policy
Manhattan maintains corporate security policies and subsidiary documents which establish the requirements for accessing, using, storing, transmitting, protecting, and disposing of information and information systems for which Manhattan is responsible.

Those policies provide the standards and guidance on security controls used to govern our information and information systems. Policies include but are not limited to:

  • Acceptable Use
  • Access Control
  • Audit
  • Change Management
  • Cloud Security
  • Data Classification, Protection, Retention
  • Incident Response
  • Patch Management
  • Password Management
  • Penetration & Vulnerability Testing
  • Risk Management
  • Vendor Risk

Audit
Manhattan maintains a comprehensive set of compliance certifications, attestations, and third-party assessments to give customers confidence that their information is safe.

We undergo semi-annual third-party audits covering a 12-month period to certify individual services against SOC 1, 2, and 3 standards, as well as SSAE 18 / ISAE 3402 Type II. The following Manhattan Active® SaaS Applications are currently in scope for SOC 1, SOC 2, and SOC 3:

  • Manhattan Active Supply Chain (MASC)
  • Manhattan Active Omni (MAO)
  • Manhattan Active Allocation (MA-Allocation)
  • Manhattan Active SCALE (MA-SCALE)

Annual audits of financial and technical controls are performed for compliance with the Sarbanes-Oxley Act of 2002.