As standard protocol, MC Software provides each registered user in your organization with a unique username and password that must be entered upon each login. As an additional security feature, multi-factor/out-of-band authentication can be utilized whereby unique one-time passwords are sent to a registered user’s phone and must in turn be correctly sent back to the Service to authenticate each login. This multi-factor security precaution helps ensure that only the authentic registered user is accessing the Service upon each login since each user should have sole control and possession of their phone and only they should know their unique username and password.
MC Software, LLC utilizes the most advanced security protection technologies available today to safeguard user data. When you access our Software as a Service, Secure Socket Layer (SSL) technology protects your information using both server authentication and 256-‐bit RSA algorithm based data encryption, ensuring that your data is safe, secure, and available only to the registered users in your organization. Both inbound and outbound data are encrypted to ensure the safest transfer to our servers. In addition, each client’s data is encrypted and stored in an individualized, separated and secure database that is accessible only by the unique client users.
MC Software tests all code for security vulnerabilities before any and all releases, regularly scanning our infrastructure for vulnerabilities and potential security threats. MC Software performs the following procedures on regular basis:
- Application vulnerability threat assessments
- Network vulnerability threat assessments
- Security control framework review and testing
- User roles and permissions testing
MC Software advanced permissions and role model in the application software system ensures that users have access only to the data and files which have been assigned to or shared with them. Additionally, MC Software’s application can notify account administrators about major events happening within their accounts.
Secure Server Environment
MC Software’s system is hosted in a secure server environment that is ISO 27001, SSAE 16, ISAE 3402, and PCI DSS compliant and utilizes advanced security technologies that include biometric, facial recognition, and hardware token identification. Our Security Specialists monitor notification from various sources and alerts from internal systems to identify and manage threats. Other safeguards include:
Access control and physical security
- 24-hour manned security, including foot patrols and perimeter inspections
- Biometric scanning for access
- Dedicated concrete-walled Data Center rooms
- Computing equipment in access-controlled steel cages
- Video surveillance throughout facility and perimeter
- Building engineered for local seismic, storm, and flood risks
- Tracking of asset removal
- Humidity and temperature control
- Redundant (N+1) cooling system
- Underground utility power feed
- Redundant (N+1) CPS/UPS systems
- Redundant power distribution units (PDUs)
- Redundant (N+1) diesel generators with on-‐site diesel fuel storage
- Concrete vaults for fiber entry
- Redundant internal networks
- Network neutral; connects to all major carriers and located near major Internet hubs
- High bandwidth capacity
MC Software uses advanced backup system for daily backup of all our infrastructure servers. Separate procedures perform backups of our clients’ data every 12 hours to assure minimal data loss. All backups are cloned over secure links to a secure archive that is transported offsite in redundant facilities and are securely destroyed when expired.
We provide security and compliance services designed to help protect our clients’ information and data. This effort also focuses on ensuring that MC Software has the ultimate controls in place to manage the potential risk of any and all interruptions that may impact our service.