MainStem provides trust in internet businesses by enabling companies to manage their supply chain in a secure, compliant platform and improve their posture to their customers, prospects, and partners.

View MainStem's Vanta Trust Report™
Looking to report a security concern? Please visit our Responsible Disclosure page.

Security Program Highlights

MainStem takes data security seriously. We encrypt data at rest and in transit for all of our customers. We use a variety of third-party tools, auditors, and services to provide best-in-class security for our entire user base on the MainStem platform.

SOC 2 Type 2

MainStem is undergoing an audit for its SOC 2 Type 2 compliance and is on track to have the compliance issued in 2022. SOC 2 compliance offers reporting options beyond financial objectives. It covers controls relevant to the trust services principles (TSP): security, availability, processing integrity, confidentiality, and privacy.

Annual Pen Testing

MainStem regularly engages some of the industry’s best application security experts for third-party penetration tests. Our penetration testers evaluate the source code, running application, and the deployed environment. MainStem also uses high-quality static analysis tooling provided by GitHub Advanced Security such as CodeQL, Secrets Scanner, and Dependabot to secure our product at every step of the development process.