Trust Center

Start your security review
View & download sensitive information
Ask for information
ControlK

Overview

Welcome to Mosaic's Trust Center. Our commitment to data privacy and security is embedded in every part of our business. Use this Trust Center to learn about our security posture and request access to our security documentation.

Compliance

SOC 2 Type 2 Logo
SOC 2 Type 2
SOC 3 Logo
SOC 3

Mosaic is reviewed and trusted by

Warburg Pincus LLC-company-logoWarburg Pincus LLC
CVC-company-logoCVC
New Mountain Capital-company-logoNew Mountain Capital
Investcorp-company-logoInvestcorp
Oakley Capital-company-logoOakley Capital
Bridgepoint-company-logoBridgepoint
CapVest-company-logoCapVest
Evercore-company-logoEvercore
The Riverside Company-company-logoThe Riverside Company

Documents

Featured Documents

DOCUMENTSMosaic Cloud Security Overview
DOCUMENTSMosaic Cloud Security Addendum - Artificial Intelligence
Knowledge Base (FAQ)
  • What is Mosaic's RPO?
  • What is Mosaic's RTO?
  • Are staff required to use a password manager?
  • How regularly are systems, logs and events monitored for evidence of a cyber security incident?
  • Does your organization restrict administrative access to desktops, laptops, phones and tablets for all employees and third parties?
View more

Risk Profile

Data Access LevelInternal
Impact LevelSubstantial
Recovery Time Objective24-48 hours
View more

Product Security

Audit Logging
Data Security
Integrations
View more

Reports

Data Flow Diagram (DFD)
Network Diagram
Pentest Report
View more

Self-Assessments

SIG Lite

Data Security

Access Monitoring
Data Asset Classification
Data Backups
View more

App Security

Responsible Disclosure
Application Penetration Testing
Code Analysis
View more

AI

AI Training Data and Bias
Third-Party AI Diligence

Legal

SubprocessorsAmazon Web Services (AWS)-company-logoDatadog-company-logoMixpanel-company-logoSalesforce-company-logoActiveCampaign-company-logo
Cyber Insurance
Privacy Policy
View more

Access Control

Access Log Management
Automated Account Management
Data Access
View more

Infrastructure

Status Monitoring
Amazon Web Services
Anti-DDoS
View more

Endpoint Security

Anti-Malware
Disk Encryption
DNS Filtering
View more

Network Security

Bot Detection
Distributed Denial of Service Protection (Anti-DDoS)
Firewall
View more

Corporate Security

Asset Management Practices
Email Protection
Employee Handbook
View more

Policies

Acceptable Use Policy
Access Control Policy
Backup Policy
View more

Security Grades

SecurityScorecard
mosaic.pe
Security Scorecard A grade
Qualys SSL Labs
app.mosaic.pe
A+

Asset Management

Asset Inventories (Hardware/Software)
Asset Tracking
Automated Asset Detection

BC/DR

Business Continuity Plan (BCP)
Disaster Recovery Plan (DRP)

Training

Employee Privacy Training
Phishing Training
Role-Based Training
View more

Continuous Monitoring

Automated Alert Response
Automated Compliance Monitoring
Event & Audit Log Management
View more
Trust Center Updates

Mosaic Updates

Copy link
General

Mosaic Publishes Latest Penetration Test Results – No Vulnerabilities Found

We’re pleased to share that Mosaic has successfully completed its most recent Web Application Penetration Test, conducted by the independent cybersecurity firm Zaviant. The assessment resulted in zero identified vulnerabilities, reaffirming the strength of our application’s security posture.

Key Highlights

  • No vulnerabilities found across any severity category: critical, high, medium, low, or informational.
  • Full-scope testing covered unauthenticated and authenticated user roles (Org User, Org Admin, Super Admin).
  • Core functionality, including file uploads, AI-powered model ingestion, and authentication mechanisms (SSO and MFA), was thoroughly tested with no issues discovered.
  • Security best practices were observed throughout the application and supporting infrastructure, with Zaviant confirming strong resilience to attack.

This assessment was conducted in accordance with the Penetration Testing Execution Standard (PTES) methodology, encompassing reconnaissance, vulnerability analysis, exploitation attempts, and post-exploitation analysis.

The final report is now available for review in our Trust Center.

We remain committed to transparency and proactive risk management. Regular third-party assessments help ensure Mosaic continues to meet the highest standards of application security.

For any questions about the report, please contact us at support@mosaic.pe.

If you need help using this Trust Center, please contact us.
Contact support
If you think you may have discovered a vulnerability, please send us a note.
Report issue
Built onSafeBase by Drata Logo