myComplianceManager is a critical component to achieving our compliance.
— National Oilwell Varco

Security Overview

A key benefit of our myCM platform is that we can provide each client a turn-key, single-tenant SaaS system that is securely, reliably, and rapidly deployed and maintained across all your global locations.

Through our alliance with Rackspace, a Gartner Magic Quadrant leader in enterprise hosting and managed IT services, your myComplianceManager system is fully hosted at a Tier 1 data center with world-class infrastructure, security, and managed services, including redundant power and environmental systems. Below is a list of certifications and independent audit reports that verify the effectiveness of our current data security program.

  • SSAE-16 Type II SOC 2 Audit Report conducted annually by independent firms
  • ISO/IEC 27001 Certificate of Compliance
  • PCI DSS 3.1 Attestation of Compliance
  • EU-US and Swiss-US Privacy Shield

If you have any questions or would like more information regarding our information security program, please contact your myCM representative or e-mail to:

Our information security program includes a fully integrated portfolio of devices and services that cover all three critical security areas: physical security, system security and operational security. In addition, all myCM solutions employ multiple tiers of application-level security.

Physical Security

  • Site is gated and manned 24x7x365 with Data Center Operations personnel
  • Card reader access is required to enter facility
  • Biometric scanner access required to enter Data Center floor
  • Security cameras and proximity readers track all movement between areas
  • Servers are caged and locked; physical access is logged and limited to pre-screened, authorized technicians
  • SSAE-16 Compliant: All security protocols are audited by an independent firm

System Security

  • System installation using hardened, patched OS
  • Dedicated firewall and VPN services to help block unauthorized system access
  • Threat management and intrusion detection systems prevent unauthorized traffic
  • Data protection with managed and encrypted backup solutions
  • Distributed Denial of Service (DDoS) mitigation services

Operational Security

  • Policies and procedures based on the Trust Services Principles (TSP) security standards, regularly reviewed as part of our internal risk-assessment process
  • Data Center protocols based on ISO 27000 and PCI security framework families
  • Business continuity programs with formal monitoring/testing to prevent and mitigate disruptions
  • Pre-screening procedures for all personnel
  • Employees trained on documented information security and privacy procedures
  • Access to confidential information restricted to authorized personnel
  • System access requires authentication and is limited, logged, and tracked
  • Secure document-destruction policies for all sensitive information
  • Documented change-management procedures, with separate development, test and production environments

Application Security

  • Initial passwords are randomly generated; user access is logged and subject to denial of service controls
  • All passwords are encrypted during transmission and hashed while at rest
  • All pre-authorized sensitive client data is encrypted in transit and at rest
  • User access security is multi-tiered, including user authentication, role-based security, task-based security and client-defined permission-based security
  • Optional SAML single-sign-on security service
  • Secure media handling and destruction procedures for all client data
  • Support-ticket history logged, reviewed and approved via the myCM Portal

Your data is safe with us.

Contact us to learn more about our secure solutions.