An independent third party auditor issued Morningstar an unqualified SAS70 Type II certification. Morningstar is proud to provide clients the peace of mind knowing that their data is secure under the SAS70 auditing industry standard.
The independent third party auditor verified that Morningstar has the following controls and protocols in place:
-
Logical security: Controls provide reasonable assurance that logical access to Morningstar production systems and data is restricted to authorized individuals
-
Privacy: Controls provide reasonable assurance that Morningstar has implemented policies and procedures addressing the privacy of customer data related to Morningstar applications
-
Data center physical security: Controls provide reasonable assurance that data centers that house Morningstar data and corporate offices are protected
-
Incident management and availability: Controls provide reasonable assurance that Morningstar systems are redundant and incidents are properly reported, responded to, and recorded
-
Change management: Controls provide reasonable assurance that development of and changes to Morningstar applications undergo testing and independent code review prior to release into production
-
Organization and administration: Controls provide reasonable assurance that management provides the infrastructure and mechanisms to track and communicate initiatives within the company that impact Morningstar
Contact commoditydata-sales@morningstar.com for copies of the documentation.
