Cloud banking platform

Security & compliance

The Mambu platform lives up to state-of-the-art security standards, as verified and assured by an external certification body.

Here's how we do it

External pentests

We perform continuous internal security tests. These tests are further backed by external penetration tests from security researchers – multiple times per year. Penetration tests cover network security aspects as well as common web application vulnerabilities as referenced in the OWASP Top 10.

Openness & transparency

Our APIs and data dictionary are publicly available. Furthermore, customers can automate back-up retrieval at any time. If you’re interested in detailed security assurance and compliance information, please contact us.

Data security

We apply principles like security-in-depth, need-to-know and least-privilege to reduce the risk of security incidents caused by internal or external threats using different preventive, detective and mitigative controls.

Incident response

In the case of a security incident, we’re prepared with incident response plans and 24/7 on-call staff to react promptly and appropriately.

Infrastructure & regulation

Security features

Data protection & privacy compliance

At Mambu, we value your trust and we are dedicated to ensuring the protection of the personal data you entrust us with.

Isolation & control

Our customers can choose to have a dedicated Mambu deployment that is not shared with other Mambu customers, giving them further control over the environment and increasing isolation.

Open banking platform

The Mambu platform provides APIs to implement the PSD2 regulation, allowing financial institutions to give third-party vendors access to end-customer data.

Complete audit rights

We always ensure our customers and regulators can execute their supervisory function and have effective audit rights to Mambu’s business premises, processes and supply chain.

SLAs & business continuity

We offer SLAs for uptime and resolution times on customer inquiries. Our disaster recovery procedures and business continuity plans are regularly tested. Our SaaS solution is cloud-agnostic and has no vendor lock-in.

Built-in security

Security is embedded in all stages of the software development lifecycle (SDLC) at Mambu – from requirements engineering, programming and QA to deployment, monitoring, alerting and incident management.

Customer control

Our contractual commitments as outlined in Mambu’s data protection affirm our customers’ control of the personal data processed by Mambu. We assist our customers in their data protection compliance and provide transparency on our sub-processors, data processing locations and cross-border data transfer mechanisms.

Global data protection programme

Mambu’s global data protection programme underpins our data protection commitments across the organisation, aligning Mambu’s data processing practices with applicable data protection regulations such as the GDPR.

Data protection team

Mambu has a dedicated data protection team and has appointed a data protection officer responsible for overseeing Mambu’s compliance with the applicable data protection regulations and the data protection commitments to its customers.


Vulnerability Disclosure Program

Our vulnerability disclosure program provides detailed information on how to submit a report about security and vulnerability issues. We kindly ask you to not publicly disclose any security issue until it has been addressed by our team.