What Security Certifications Does MANTL Maintain?
When you modernize account origination, you’re also trusting a vendor with sensitive customer and core banking data. MANTL aligns to industry-standard security frameworks so banks and credit unions can meet internal risk, compliance, and examiner expectations.
MANTL maintains a security program aligned to SOC 1, SOC 2 Type II, and PCI DSS controls. These frameworks validate the design and operating effectiveness of MANTL’s internal controls over financial reporting, customer data security, and cardholder data protection. Together, they help your risk, security, and audit teams demonstrate that digital account origination is built on bank-grade security—not just fast UX.
How Do MANTL’s Certifications Support Your Risk & Compliance Goals?
Using MANTL’s Security Certifications in Your Vendor Due Diligence
Security certifications are only useful when they’re actively incorporated into how your institution assesses, onboards, and reviews vendors. Use this workflow to plug SOC and PCI evidence from MANTL into your existing risk framework.
Discover → Request → Review → Map → Approve → Monitor
- Discover the scope: Clarify which MANTL systems and services are covered by SOC 1, SOC 2 Type II, and PCI DSS-related controls, and how they intersect with your core, card processor, and digital channels.
- Request attestation reports: Obtain the latest SOC 1 and SOC 2 Type II reports, bridge letters (if needed), and PCI-related documentation through the Compliance Hub or your account team.
- Review controls and exceptions: Confirm that the control objectives and tests cover your primary risks: data security, uptime, transaction integrity, and change management. Document any noted exceptions and remediations.
- Map to internal policies: Align MANTL controls to your own information security, BCP/DR, vendor management, and ALCO/ERM requirements so your second line can see exactly where coverage exists.
- Approve and document: Use standardized security review templates to formally approve MANTL as a vendor, attach SOC and PCI evidence, and record risk ratings and compensating controls.
- Monitor annually: Schedule recurring reviews tied to report refresh cycles, confirmed remediation of any findings, and changes in MANTL’s platform, hosting, or sub-processor footprint.
Security & Compliance Evidence Matrix for MANTL
| Domain | Primary Framework | What You Get | How Banks Use It | Key Questions to Confirm |
|---|---|---|---|---|
| Financial Reporting Impact | SOC 1 | Independent report on controls relevant to financial reporting (e.g., transaction posting, fee calculations, reconciliations). | Support SOX and internal control attestations when MANTL processes data feeding GL or core systems. | Which products and integrations are in scope? How are systems that touch the GL represented? |
| Cloud & Data Security | SOC 2 Type II | Testing over time of security, availability, processing integrity, confidentiality, and privacy controls. | Evidence package for InfoSec, ERM, and vendor management committees; supports examiner reviews. | What was the review period? Were there any high-risk exceptions or significant control changes? |
| Cardholder Data Protection | PCI DSS | Validation that systems handling cardholder data meet PCI DSS requirements (directly or via partners). | Align MANTL’s role in your overall PCI responsibility matrix and network segmentation strategy. | What is the PCI scope for MANTL? How are third-party processors and gateways covered? |
| Identity & Access Management | SOC 2 + Internal IAM Policies | Evidence of role-based access, MFA, least privilege, and periodic access reviews. | Validate that access to customer and configuration data is constrained and auditable. | How often are access reviews performed? How are shared or break-glass accounts managed? |
| Resilience & Uptime | SOC 2 (Availability) | Controls around incident response, capacity management, and disaster recovery testing. | Map to your own RTO/RPO expectations and online banking uptime targets. | What are MANTL’s SLAs? How often is DR tested and what scenarios are included? |
| Continuous Assurance | SOC + Vendor Management | Ongoing reports, bridge letters, and change notifications. | Drive annual reviews and board-level risk reporting for digital origination. | What’s the cadence for new reports? How are material changes communicated to clients? |
Snapshot: Turning Certifications into Faster, Safer Origination
Institutions that pair a modern digital account-opening experience with independently audited controls see more than just improved UX. By anchoring vendor selection to SOC 1, SOC 2 Type II, and PCI-aligned controls, they shorten security reviews, reduce examiner findings, and move from “is this safe?” to “how fast can we launch?”—without compromising risk standards.
Use MANTL’s security certifications as the backbone of your vendor risk file for digital account origination, then layer on your own policies, thresholds, and monitoring to build a defensible, examiner-ready story.
Frequently Asked Questions About MANTL’s Security Certifications
Turn Security Certifications into Growth-Ready Origination
Pair MANTL’s SOC and PCI-aligned controls with a revenue marketing strategy that grows funded accounts, balances, and relationships—without increasing risk.