Managed or Cloud deployments and HIPAA/FINRA compliance

Hey Everyone,

I am trying to understand how Mattermost’s managed or cloud instances (where Mattermost runs/manages the instance) can help organizations meet compliance standards like HIPAA and FINRA. I read through this guide; however, I can’t tell if it only applies to self-managed instances or if it also applies to cloud/managed instances.

Does anyone know if Mattermost’s managed/cloud instances are HIPAA or FINRA-compliant, or know of other documentation/material on this topic?


Heya Jay,

Thank you for reaching out with your question about HIPAA and FINRA compliance for Mattermost’s managed and cloud instances.

Our cloud/managed instances are built to echo the security and compliance features of our self-managed instances. HIPAA and FINRA compliance capability is built into the design of both these options.

However, it’s important to remember that while Mattermost provides tools designed to support your HIPAA and FINRA compliance, the actual compliance will depend heavily on how these tools are used within your organization. For example, maintaining appropriate access controls, managing user behaviors, performing regular audits, and training your staff are crucial parts of the compliance process.

In terms of documentation, the guide you mentioned is applicable to both options—self-managed and cloud/managed. For specific information on the cloud/managed instances, you might want to check out our cloud security overview document.

I hope this clarifies your query. If you have any more questions or need further clarification, feel free to ask.

~John :medal_military: