Summary
MindBridge is globally recognized for its advanced financial anomaly detection and risk discovery platform. MindBridge has long realized that transparency is critical for safe and effective use of technology and is committed to meeting the highest standards of quality and ethics. This article outlines how organizations can confidently be assured of the results generated by the MindBridge platform and identifies key factors for evaluating its trustworthiness.
MindBridge – Transparency, Security and Operational Excellence
Users can establish a high degree of assurance that the MindBridge solution delivers credible results through several key factors:
- Algorithm Validation: MindBridge's algorithms undergo regular independent third-party validation, including a comprehensive audit by Holistic AI, a renowned center for algorithm safety. This report (restricted to MindBridge’s customers) provides information on the latest independent third-party validation conducted.
- Security and Compliance: MindBridge is SOC 2 Type 2 compliant, affirming robust controls over information security and data confidentiality.
- Quality Assurance: MindBridge employs a rigorous Quality Assurance (QA) process to ensure all technological changes meet stringent standards. This includes comprehensive testing for functionality, performance, and security across development cycles.
- Certifications: MindBridge maintains ISO 27001, 27017, and 27018 certifications, demonstrating its commitment to secure data handling and privacy.
For specific audit reports, certifications and insights into MindBridge’s QA processes, users can contact their MindBridge Customer Success Manager (CSM) or Implementation Advisor (IA).
Supporting User/Organization Level Responsibilities
In addition to leveraging the capabilities of 3rd-party software tools such as MindBridge , these organizations (such as audit firms which conduct audits on behalf their clients) must also consider several additional factors in order to demonstrate effective assurance of their audits:
-
Regulatory Compliance: Compliance with ISQM 1 requirements (effective December 2022) or other applicable standards, is crucial, outlining standards for technology use and involvement of service providers in audit engagements. This includes establishing policies on resource usage, training requirements, and documentation of technological integration. Despite utilizing external resources like MindBridge, organizations maintain responsibility for their quality management systems. Audit firms are expected to follow the documentation and testing requirements of ISQM 1 or other applicable standards.
How MindBridge can help: An example template for such documentation is attached below. A designated CSM can provide further assistance for questions related to this document. -
Skill and Competence: Ensuring staff possess adequate skills to interpret the results of the MindBridge analysis results is essential. Implementing and monitoring training (and engagement leader involvement in the case of assurance engagements) are critical for effective use and evaluation.
How MindBridge can help: MindBridge offers extensive on-demand training through MindBridge Academy. Additionally, audit firms and other organizations can discuss specific and tailored training needs with their CSM or IA. -
Updates and Configuration: Adopt regular updates and customization considerations to ensure the MindBridge platform remains aligned with organizational needs and regulatory changes. Organizations should review release notes and control point changes issued by MindBridge to assess the impact to organizational and training needs. It is recommended that organizations implement a testing strategy for each major release, or when significant changes are made to the control points being utilized by an organization.
How MindBridge can help: Detailed release notes are issued by MindBridge to allow organizations to understand the impact of product changes. Further, if an organization requires testing support for any releases issued by MindBridge, users can contact their CSM or IA to request tailored testing guidance. -
Responsibility and Oversight: Compliance with evolving regulatory frameworks, such as IESBA requirements, ensures independence, integrity, and professional conduct. Further, there may be new auditing standards being issued that may impact the specific use cases supported by the organization under existing methodology. Leveraging the ever-evolving capabilities of the MindBridge solution ensures that organizations remain current in meeting their obligations.
How MindBridge can help: MindBridge monitors changes to the regulatory environment that are related to the use of technology tools and their impact to your reliance, and can share information with regards to these regulatory changes for the organization to effectively manage their compliance risks. -
Complementary user entity controls: As with any service organization that provides services to customers, the effectiveness of the controls operated by the service organization depends on the complementary user entity controls (CUEC) at the customer organization that are also operating effectively. For CUECs relevant to MindBridge, refer to the latest SOC 2 Type 2 report for key criteria in adhering to this requirement. Organizations are advised to review their CUECs and ensure that they are operating effectively.
How MindBridge can help: A designated CSM or IA can provide the latest SOC 2 Type 2 report and assist with any of the related CUECs that are relevant to your organization.
As with any major technology implemented by firms, organizations must align their internal policies and procedures with regulatory standards and ensure adequate oversight for the adoption and changes to technology tools. By understanding these factors, organizations can maximize the benefits of the platform’s advanced capabilities while mitigating risks associated with technological reliance. MindBridge has extensive resources to support an organization’s adoption of new technologies.
For further inquiries on this article or to access specific audit reports and certifications, reach out to your dedicated CSM or IA.
Anything else on your mind? Chat with us, or, submit a request for further assistance.