We’re committed to delivering a secure and extensible platform that meets the needs of today’s largest organizations.

SECURITY

DATA CENTER SECURITY & REDUNDANCY

We work with top-tier hosting partners to ensure that you can deliver services to your organization confidently on a platform you can trust. We have multi-site data redundancy, hosting at Equinix and AWS facilities, and our facilities are ICPA SOC 1 examined and tested as well as ISO 27001 certified  Our monitoring includes biometric scanning protocols, continuous surveillance, and 24 X 7 production environment management. 

DATA SECURITY

We build security into our product to ensure that your most valuable asset—your data—is protected. We contract with third-party security professionals to conduct annual security assessments. Our internal security includes third-party assessments by an external security firm and quarterly administrative access audits. Our multi-layer data access permissions enables partner security and  includes policy and procedure review. 

ENCRYPTION

Encryption serves as the last and strongest line of defense in a multilayered data security strategy. Mserve uses encryption to safeguard your data and help you maintain control over it. Here’s what you can rely on from Mserve: all data durably stored with NIST approved ciphers, proven transport layer security (TLS) technology from the most trusted providers, AES 256 at-rest encryption, Amazon’s S3 service to store and serve uploaded files.

OPERATIONAL MANAGEMENT

We have implemented policies and procedures designed to ensure that your data is secure and backed up to multiple physical locations. Our team is continually evaluating new security threats and implementing updated countermeasures designed to prevent unauthorized access to or unplanned downtime of the Subscription Service. Access to all Mserve production systems and data is limited to authorized members of the Mserve Technical Operations team.

PRIVACY

PRIVACY POLICY

At Muzna, we value your privacy and respect your right to know how information about you is collected and used. Our privacy policy describes how we collect, use, and disclose personal and other information we gather through our websites, our mobile applications, and the work execution platforms. Our Privacy Policy.

GENERAL DATA PROTECTION REGULATION

The General Data Protection Regulation (GDPR) is a European regulation that took effect on May 25, 2018, and sets out new standards for the protection and processing of personal data. Learn more about Muzna and the GDPR, including how to request a Data Processing Agreement (DPA) with Muzna as a data processor. Our Privacy Policy.

GOVERNMENT REQUESTS

When governments or law enforcement entities make lawful requests for customer data from Muzna, we are committed to complying while carefully limiting what we disclose. Because we believe that customers should have control over their own data, we will release only the information that we must to comply with the lawful request. Our Privacy Policy.

GOVERNANCE

EVENT REPORTING

Running your business processes — from team projects to strategic initiatives — on Mserve means that it’s critical to have detailed, enterprise-wide visibility into user activity. With Mserve Reporting, you can monitor user behavior, and view activity and actions taken within the platform. Event Reporting helps to ensure organizational compliance by letting you see the granular details of who is doing what in Mserve and when. You can quickly identify abnormal behavior and affirm that one of your company’s most valuable assets — your data — is being used within the established guardrails.

GLOBAL SECURITY CONTROLS

Mserve has extensive administrator controls available to allow you to manage and audit access, ownership, and usage. Some of the global security controls available today include account discovery, resource management, and custom user welcome screens. For detailed information on how to configure and manage global security controls and settings in Mserve, please contact us.

USER ACCESS & AUTHENTICATION

Securing systems, applications, and data begins with identity-based access controls. The identity and access management features that are built into Mserve help protect your organizational and personal information from unauthorized access, while making it available to legitimate users whenever and wherever they need it. For detailed information on how to manage your authentication options in Mserve, please contact us.

CONFIGURATION

Mserve offers a number of configuration controls that allow you to set up plans and users in a way that best supports your business objectives. Globally configure user types to designate what individuals can and can’t do with your Mserve account, automatically add users to an enterprise account with automated user provisioning, or adjust account settings for features and working days.

PERMISSIONS

It’s no secret that people across a single organization use Mserve in very different ways. Because every user isn’t the same, we give you the ability to grant user-based permission levels to make sure the right people have the appropriate level of access to the data and capabilities within Mserve. For detailed information on how to manage user permissions in Mserve, please contact us.

REPORTS & VISIBILITY

As an IT or account administrator, you need visibility into how your users and organization are using Mserve. Mserve offers a number of standard and custom reports to give you the insight you need to audit and manage your users. Learn more about how to use the Activity Log feature and SysAdmin features like the Login History tab on the Account Administration form to view user activity data.

COMPLIANCE

PAYMENT DATA SAFEGUARDS

PCI DSS (Payment Card Industry, Data Security Standard) is a set of comprehensive requirements for enhancing payment account data security established by international financial institutions. It was developed to support the broad adoption of consistent data security measures on a global basis. Muzna utilizes PayPal and CyberSource for processing all payment card transactions. Using these partners means personally identifying payment card data is never visible to any Muzna employee, and is never stored in the Mserve data store. All payment processing is performed using PCI DSS compliant merchant services.

FERPA

Educational institutions subject to FERPA must use cloud services in compliance with FERPA requirements. We can help customers understand product security controls as well as establish appropriate contractual reassurances that Mserve will manage student information appropriately and according to the institution’s direction. Muzna group will make a number of contractual commitments upon request to support educational institutions with whom MG has entered into a Subscription Agreement. Contact care@muznagroup.com for more information on these commitments or with any questions you may have about FERPA compliance with Mserve.

GLBA

Financial institutions subject to the Gramm-Leach-Bliley Act (“GLBA”) must assess whether and how it may use cloud services like Mserve in compliance with GLBA requirements. We can help customers understand the privacy and security controls for our products. We contractually commit to maintaining certain security safeguards. Please contact care@muznagroup.com for more information on how we can support customers with obligations under GLBA.

SOC

The American Institute of Certified Public Accountants (AICPA) has developed the Service Organization Controls (SOC) framework, a standard for controls that safeguard the confidentiality and privacy of information stored and processed in the cloud. Muzna completes annual SOC 2 Type 2 and SOC 3 reports for our work execution platform. For more information on our SOC reports, please contact care@muznagroup.com.

HIPAA

Under the Health Information Portability and Accountability Act (HIPAA), certain information about a person’s health or health care services is classified as Protected Health Information (PHI). Unless you have signed a Business Associate Agreement with Muzna, you may not store PHI in Mserve. HIPAA compliance is dependent on your adherence to the Mserve HIPAA Implementation Guide. The guide provides information on features and security controls that must be adjusted to ensure HIPAA-compliance.