See how security can equal serenity
We know that data security is crucial to you – that’s why we devote significant resources to provide a secure environment 24x7. Our myComplianceManager solutions provide state-of-the-art security to guard against service interruptions, protect the integrity of your data, and shield it from external attack.
A key benefit of our myCM platform is that we can provide each client a turn-key, single-tenant SaaS system that is securely, reliably, and rapidly deployed and maintained across all your global locations.
Through our alliance with RackSpace, a Gartner Magic Quadrant leader in enterprise hosting and managed IT services, your myComplianceManager system is fully hosted at a Tier 1 Data Center with world-class infrastructure, security, and managed services, including redundant power and environmental systems. Below is a list of certifications and independent audit reports that verify the effectiveness of our current data security program.
- SSAE-16 Type II SOC 2 Audit Report conducted annually by independent firms
- ISO/IEC 27001 Certificate of Compliance
- PCI DSS 3.1 Attestation of Compliance
- EU-US and Swiss-US Privacy Shield
If you have any questions or would like more information regarding our information security program, please contact your myCM representative or e-mail info@myCM.com.
Our information security program includes a fully integrated portfolio of devices and services that cover all three critical security areas: physical security, operational security, and system security. In addition, all myCM solutions employ multiple tiers of application-level security.
- Site is gated and manned 24x7x365 with Data Center Operations personnel
- Card reader access is required to enter facility
- Biometric scanner access required to enter Data Center floor
- Security cameras and proximity readers track all movement between areas
- Servers are caged & locked; physical access is logged and limited to pre-screened, authorized technicians
- SSAE-16 Compliant: All security protocols are audited by an independent firm
- System installation using hardened, patched OS
- Dedicated firewall and VPN services to help block unauthorized system access
- Threat management and intrusion detection systems prevent unauthorized traffic
- Data protection with managed and encrypted backup solutions
- Distributed Denial of Service (DDoS) mitigation services
- Policies and procedures based on the Trust Services Principles (TSP) security standards, regularly reviewed as part of our internal risk-assessment process
- Data Center protocols based on ISO 27000 and PCI security framework families
- Business continuity programs with formal monitoring/testing to prevent and mitigate disruptions
- Pre-screening procedures for all personnel
- Employees trained on documented information security and privacy procedures
- Access to confidential information restricted to authorized personnel
- System access requires authentication and is limited, logged, and tracked
- Secure document-destruction policies for all sensitive information
- Documented change-management procedures, with separate development, test and production environments
- Initial passwords are randomly generated; user access is logged and subject to denial of service controls
- All passwords are encrypted during transmission and hashed while at rest
- All pre-authorized sensitive client data is encrypted in transit and at rest
- User access security is multi-tiered, including user authentication, role-based security, task-based security and client-defined permission-based security
- Optional SAML single-sign-on security service
- Secure media handling and destruction procedures for all client data
- Support-ticket history logged, reviewed and approved via the myCM Portal