Our security, Your serenity
We know that data security is crucial to you – that’s why we devote significant resources to provide a secure environment 24x7. Our solutions provide state-of-the-art security to guard against service interruptions, protect the integrity of your data, and shield it from external attack.
Security Overview
A key benefit of our myCM private cloud platform is that we can provide you with a turnkey SaaS system that is secure, reliable, rapidly deployed, and maintained across all your global locations.
Through our alliance with DataBank, a leader in enterprise hosting and managed IT services, your myCM system is fully hosted at a Tier 1 Data Center with world-class infrastructure, security, and managed services, including redundant power and environmental systems.
The myCM environment is protected by a multi-layered, defense-in-depth approach backed by professionals who are ready to respond at a moment’s notice, keeping your data safe and secure. Our data center’s five-layer defense approach provides comprehensive protection and includes a dedicated staff of security engineers and a seasoned CISO.
Compliance Overview
Our data center is annually re-certified for major compliance frameworks including FedRAMP, FISMA, SSAE18 (SOC & Cloud Security Alliance), HIPAA, PCI-DSS and Data Privacy Framework – GDPR.
If you have any questions or would like more information regarding our information security program, please contact your myCM representative or e-mail info@myCM.com.
Security-at-a-Glance
Our information security program includes a fully integrated portfolio of devices and services that cover all critical security areas.
Physical Security
- Site is gated and manned 24x7x365 with Data Center Operations personnel 
- Security badges / card readers and biometric access authentication required at each data center door; doors are locked and alarmed, and door access attempts are logged
- Security cameras and proximity readers track all movement between areas 
- myCM server equipment is housed in a locked, segregated environment within the data center; physical access is logged and limited to pre-screened, authorized technicians 
- Multiple Tier-1 Service Providers and Redundant LAN Architecture 
- Alarm System; Redundant power and HVAC, fire suppression and photoelectric detection 
System Security
- Centralized network security and operations center manned 24x7x365 
- Data Center adheres to a broad range of information and security certifications including: FedRAMP, SSAE18 (SOC2 Trust Services Criteria & Cloud Security Alliance’s Cloud Control Matrix Criteria), PCI-DSS and Data Privacy Framework – GDPR 
- Logical access privileges are limited, controlled and reviewed 
- Dedicated firewalls and VPN services to help block unauthorized system access 
- Threat management, intrusion prevention systems (IPS), and intrusion detection systems (IDS) prevent unauthorized traffic
- Systems are hardened, patched, and monitored with a centralized logging platform
- Data protection with managed and encrypted backup solutions 
- Distributed Denial of Service (DDoS) mitigation services 
- Annual risk assessments and periodic vulnerability & penetration tests performed 
Operational Security
- Policies and procedures are based upon globally accepted security standards 
- Business continuity and daily data-backup programs with formal monitoring/testing to prevent and mitigate disruptions 
- Background checks and drug-screening of all personnel 
- Employees trained on documented information security and privacy procedures 
- Access to confidential and privacy information restricted to authorized personnel 
- Authenticated system access is required, limited, logged, and tracked 
- Information security and incident response procedures are trained and tested 
- Secure data-destruction policies for all sensitive information 
- Support ticket history logged, reviewed and approved via the data center portal 
Application Security
- User access security is multi-tiered, including user authentication, role-based security, task-based security and client-defined permission-based security 
- Optional SAML single-sign-on security service is available 
- Passwords are randomly generated and hashed with client-defined settings for password length, log attempts, password reset and session length 
- User access is logged and subject to denial-of-service controls
- All data is encrypted during transmission and at rest 
- Secure media handling and destruction procedures for all client data 
- Support-ticket history logged, reviewed and approved via the myCM Portal 
- Documented SDLC and change-management procedures, with separate development, test and production environments 
Your data is safe with us.
Contact us to learn more about our secure solutions.
Page Credits - Photos: Unsplash and rawpixel.com.