At MuleSoft, we recognize the critical importance of safeguarding your data. MuleSoft Intelligent Document Processing is meticulously crafted with robust security measures to ensure the protection of your sensitive customer information.
We prioritize your data’s security by minimizing our interaction with it and creating a secure environment where you can confidently manage and manipulate sensitive information. Our approach includes adhering to industry best practices, conducting regular internal audits, and maintaining strict compliance with policies covering operations, security protocols, passwords, credentials, and secure connectivity. We rigorously adhere to standards and regulations such as SOC2, PCI Level-1, and HiTrust through continuous audits and reviews. Read our report, MuleSoft Anypoint Platform Security and Compliance, to learn more.
Secure and scalable infrastructure in MuleSoft IDP
MuleSoft IDP operates within the Anypoint Platform’s cloud services, leveraging its shared, multi-tenant environment across multiple regions, incorporating essential security controls such as:
- Least privileged access: Ensuring users have the minimum access necessary
- Role-based access controls: Managing permissions based on user roles
- Data security: Including data encryption and not storing sensitive data
- Data residency: Application runtime supports multiple regions to adhere to local data residency laws
MuleSoft IDP services run on Elastic Kubernetes Service (EKS) across three availability zones, benefiting from Kubernetes’ reliability and scalability. Every intra-service communication is shielded with SSL/TLS encryption, guaranteeing the confidentiality of your data. We enforce tenant isolation through stringent measures, requiring tenant IDs in API calls managed via Access Management. Your sensitive data remains safeguarded with dedicated Customer Managed Keys (CMK) and Key Management System (KMS) keys, ensuring data segregation and isolation for added security.
Enhancing encryption and data security
MuleSoft IDP leverages AWS services such as RDS, Redis, S3, and Textract, employing industry-standard security and encryption methods to process documents securely. Data undergoes encryption both in transit and at rest using AWS’s robust encryption features. Files stored in S3 buckets and data in RDS are protected with customer-specific Customer Managed Key (CMK), Key Management Service (KMS) keys managed by MuleSoft, featuring automatic key rotation and stringent access controls.
You play a crucial role in data security beyond the IDP service by adhering to encryption best practices recommended by HIPAA. Use Anypoint Secrets Manager for service-specific credentials, Secure Configuration Properties for CloudHub, and Credentials Store for RPA to ensure sensitive configurations like passwords or tokens remain encrypted.
For documents containing sensitive data, ensure only authorized users access these files during Human-in-the-Loop (HITL) workflows. Use Access Management to govern who can review document tasks, enhancing security and compliance measures. IDP is currently available in two AWS regions, US (us-east-1) and EMEA (eu-central-1).
Our data retention policies
We have specific data retention policies to ensure data is only kept as long as necessary:
- Document action editor: Files used in the IDP editor are stored only for testing purposes and are immediately deleted afterward. Additionally, any extracted data is removed within 24 hours of your session.
- Document action execution: When you use the execution endpoint API, files are stored in our secure S3 bucket, and the extracted data is also stored securely. For successful executions, all data and related files are automatically deleted after seven days. This retention period cannot be changed by the user.For executions requiring human reviews, all data and files are deleted seven days after the review task is completed. Human reviews must be completed within 60 days. If not, all tasks, associated data, and files will be deleted after 60 days. This retention period is also not configurable by the user.
Audit, backup, and disaster recovery
All actions within MuleSoft IDP are meticulously logged via CloudTrail, and API access logs are forwarded to our internal monitoring systems for comprehensive monitoring. All the extracted, stored data are backed up twice daily to ensure your data’s safety. While files themselves are not backed up currently, should any issues arise, you can easily retry the IDP execution with the original file.
Our robust disaster recovery process involves restoring RDS data from snapshots and seamlessly redeploying our stateless backend APIs, which run on Kubernetes, guaranteeing minimal disruption to your operations and peace of mind for you.
MuleSoft IDP is dedicated to delivering a secure and dependable document processing solution. With our industry-leading security measures and rigorous compliance standards, we prioritize the protection of your data around the clock. Count on MuleSoft IDP for a seamless and secure document processing experience you can trust.
Check out this demo to see MuleSoft IDP in action.