Our security, Your serenity
We know that data security is crucial to you – that’s why we devote significant resources to provide a secure environment 24x7. Our solutions provide state-of-the-art security to guard against service interruptions, protect the integrity of your data, and shield it from external attack.
Security Overview
Secure, Reliable & Rapidly Expandable
A key benefit of our myCM private cloud platform is that we can provide you with a turn-key SaaS system that is secure, reliable, rapidly deployed, and maintained across all your global locations.
Through our alliance with DataBank, a leader in enterprise hosting and managed IT services, your myCM system is fully hosted at a certified Tier III Data Center with world-class infrastructure, security, and managed services, including redundant power and environmental systems.
Multi-Layered Protection
Defense-in-Depth Security
The myCM environment is protected by a multi-layered and defense-in-depth approach backed by professionals who are ready to respond at a moment’s notice, keeping your data safe and secure. Our data center’s five-layer defense approach provides comprehensive protection and includes a dedicated staff of security engineers and a seasoned CISO.
Compliance Overview
Annually Audited & Certified.
Our data center is annually re-certified for major compliance frameworks including FedRAMP, FISMA, SSAE18 (SOC & Cloud Security Alliance), HIPAA, PCI-DSS and Data Privacy Framework – GDPR.
If you have any questions or would like more information regarding our information security program, please contact your myCM representative or e-mail info@myCM.com.
Security-at-a-Glance
Fully Integrated Security Portfolio
Our information security program includes a fully integrated portfolio of devices and services that cover all critical security areas.
Physical Security
Site is gated and manned 24x7x365 with Data Center Operations personnel.
Security badges / card readers and biometric access authentication are required at each data center door; doors are locked and alarmed, and door access attempts are logged.
Security cameras and proximity readers track all movement between areas.
myCM server equipment is housed in a locked, segregated environment within the data center; physical access is logged and limited to pre-screened, authorized technicians.
Multiple Tier-1 Internet Service Providers and Redundant LAN Architecture.
Alarm System; Redundant power and HVAC, fire suppression and photoelectric detection.
System Security
Centralized network security and operations center manned 24x7x365.
Data Center adheres to a broad range of information and security certifications including: FedRAMP, SSAE18 (SOC2 Trust Services Criteria & Cloud Security Alliance’s Cloud Control Matrix Criteria), PCI-DSS and Data Privacy Framework – GDPR.
Logical access privileges are limited, controlled and reviewed.
Dedicated firewalls and VPN services to help block unauthorized system access.
Threat management, intrusion prevention systems (IPS), and intrusion detection systems (IDS) prevent unauthorized traffic.
Systems are hardened, patched, and monitored with a centralized logging platform.
Data protection with managed and encrypted backup solutions.
Distributed Denial of Service (DDoS) mitigation services.
Annual risk assessments and periodic vulnerability & penetration tests performed.
Operational Security
Network Operations Center
Policies and procedures are based upon globally accepted security standards.
Business continuity and daily data-backup programs with formal monitoring/testing.
Background checks and drug-screening of all personnel.
Employees trained on documented information security and privacy procedures.
Access to confidential and privacy information restricted to authorized personnel.
Authenticated system access is required, limited, logged, and tracked.
Information security and incident response procedures are trained and tested.
Secure data-destruction policies for all sensitive information.
Support ticket history logged, reviewed and approved via the data center portal.
Application Security
User access security is multi-tiered, including user authentication, role-based security, task-based security and client-defined permission-based security.
Optional SAML single-sign-on security service is available.
Passwords are randomly generated and hashed with client-defined settings for password length, log attempts, password reset and session length.
User access is logged and subject to denial of service controls.
All data is encrypted during transmission and at rest with NIST-compliant encryption or greater.
Secure media handling and destruction procedures for all client data.
Support-ticket history logged, reviewed and approved via the myCM Portal.
Endpoint security to ensure all myCM employee devices are secure and compliant.
Documented SDLC and change-management procedures, with separate development, test and production environments.
Your data is safe with us.
Contact us to learn more about our secure solutions.
