myComplianceManager is a critical component to achieving our compliance.
— National Oilwell Varco

Security Overview

A key benefit of our myCM platform is that we can provide each client a turn-key, single-tenant SaaS system that is securely, reliably, and rapidly deployed and maintained across all your global locations.

Through our alliance with RackSpace, a Gartner magic quadrant leader in enterprise hosting and managed IT services, your myComplianceManager system is fully hosted at a Tier 1 Data Center with world-class infrastructure, security, and managed services, including redundant power and environmental systems. Below is a list of certifications and independent audit reports that verify the effectiveness of our current data security program.

  • SSAE-16 Type II SOC 2 Audit Report conducted annually by independent firms
  • ISO/IEC 27001 Certificate of Compliance
  • PCI DSS 3.1 Attestation of Compliance
  • EU-US and Swiss-US Privacy Shield
  • Security measures that are compliant with GDPR and Privacy Law requirements

If you have any questions or would like more information regarding our information security program, please contact your myCM representative or e-mail to:



Our information security program includes a fully integrated portfolio of devices and services that cover all three critical security areas:  physical security; operational security and system security. In addition, all myCM solutions employ multiple tiers of Application-level security.


Physical Security

  • Site is gated and manned 24x7x365 with Data Center Operations personnel
  • Card reader access is required to enter facility
  • Biometric scanner access required to enter Data Center floor
  • Security cameras and proximity readers track all movement between areas
  • Servers are caged & locked; physical access is logged and limited to pre-screened, authorized technicians
  • SSAE-16 Compliant: All security protocols are audited by an independent firm

System Security

  • System installation using hardened, patched OS
  • Dedicated firewall and VPN services to help block unauthorized system access
  • Threat management and intrusion detection systems prevent unauthorized traffic
  • Data protection with managed and encrypted backup solutions
  • Distributed Denial of Service (DDoS) mitigation services

Operational Security

  • Policies and procedures based on the Trust Services Principles (TSP) security standards, regularly reviewed as part of our internal risk-assessment process
  • Data Center protocols based on ISO 27000 and PCI security framework families
  • Business continuity programs with formal monitoring/testing to prevent and mitigate disruptions
  • Pre-screening procedures for all personnel
  • Employees trained on documented information security and privacy procedures
  • Access to confidential information restricted to authorized personnel
  • System access requires authentication and is limited, logged, and tracked
  • Secure document-destruction policies for all sensitive information
  • Documented change-management procedures, with separate development, test and production environments

Application Security

  • Initial passwords are randomly generated; user access is logged and subject to denial of service controls
  • All passwords are encrypted during transmission and hashed while at rest
  • All pre-authorized sensitive client data is encrypted in transit and at rest
  • User access security is multi-tiered, including user authentication, role-based security, task-based security and client-defined permission-based security
  • Optional SAML single-sign-on security service
  • Secure media handling and destruction procedures for all client data
  • Support-ticket history logged, reviewed and approved via the myCM Portal

Your data is safe with us.

Contact us to learn more about our secure solutions.