We’re committed to delivering a secure and extensible platform that meets the needs of today’s largest organizations.
DATA CENTER SECURITY & REDUNDANCY
We work with top-tier hosting partners to ensure that you can deliver services to your organization confidently on a platform you can trust. We have multi-site data redundancy, hosting at Equinix and AWS facilities, and our facilities are ICPA SOC 1 examined and tested as well as ISO 27001 certified Our monitoring includes biometric scanning protocols, continuous surveillance, and 24 X 7 production environment management.
We build security into our product to ensure that your most valuable asset—your data—is protected. We contract with third-party security professionals to conduct annual security assessments. Our internal security includes third-party assessments by an external security firm and quarterly administrative access audits. Our multi-layer data access permissions enables partner security and includes policy and procedure review.
Encryption serves as the last and strongest line of defense in a multilayered data security strategy. Mserve uses encryption to safeguard your data and help you maintain control over it. Here’s what you can rely on from Mserve: all data durably stored with NIST approved ciphers, proven transport layer security (TLS) technology from the most trusted providers, AES 256 at-rest encryption, Amazon’s S3 service to store and serve uploaded files.
We have implemented policies and procedures designed to ensure that your data is secure and backed up to multiple physical locations. Our team is continually evaluating new security threats and implementing updated countermeasures designed to prevent unauthorized access to or unplanned downtime of the Subscription Service. Access to all Mserve production systems and data is limited to authorized members of the Mserve Technical Operations team.
GENERAL DATA PROTECTION REGULATION
Running your business processes — from team projects to strategic initiatives — on Mserve means that it’s critical to have detailed, enterprise-wide visibility into user activity. With Mserve Reporting, you can monitor user behavior, and view activity and actions taken within the platform. Event Reporting helps to ensure organizational compliance by letting you see the granular details of who is doing what in Mserve and when. You can quickly identify abnormal behavior and affirm that one of your company’s most valuable assets — your data — is being used within the established guardrails.
GLOBAL SECURITY CONTROLS
Mserve has extensive administrator controls available to allow you to manage and audit access, ownership, and usage. Some of the global security controls available today include account discovery, resource management, and custom user welcome screens. For detailed information on how to configure and manage global security controls and settings in Mserve, please contact us.
USER ACCESS & AUTHENTICATION
Securing systems, applications, and data begins with identity-based access controls. The identity and access management features that are built into Mserve help protect your organizational and personal information from unauthorized access, while making it available to legitimate users whenever and wherever they need it. For detailed information on how to manage your authentication options in Mserve, please contact us.
Mserve offers a number of configuration controls that allow you to set up plans and users in a way that best supports your business objectives. Globally configure user types to designate what individuals can and can’t do with your Mserve account, automatically add users to an enterprise account with automated user provisioning, or adjust account settings for features and working days.
It’s no secret that people across a single organization use Mserve in very different ways. Because every user isn’t the same, we give you the ability to grant user-based permission levels to make sure the right people have the appropriate level of access to the data and capabilities within Mserve. For detailed information on how to manage user permissions in Mserve, please contact us.
REPORTS & VISIBILITY
As an IT or account administrator, you need visibility into how your users and organization are using Mserve. Mserve offers a number of standard and custom reports to give you the insight you need to audit and manage your users. Learn more about how to use the Activity Log feature and SysAdmin features like the Login History tab on the Account Administration form to view user activity data.
PAYMENT DATA SAFEGUARDS
PCI DSS (Payment Card Industry, Data Security Standard) is a set of comprehensive requirements for enhancing payment account data security established by international financial institutions. It was developed to support the broad adoption of consistent data security measures on a global basis. Muzna utilizes PayPal and CyberSource for processing all payment card transactions. Using these partners means personally identifying payment card data is never visible to any Muzna employee, and is never stored in the Mserve data store. All payment processing is performed using PCI DSS compliant merchant services.
Educational institutions subject to FERPA must use cloud services in compliance with FERPA requirements. We can help customers understand product security controls as well as establish appropriate contractual reassurances that Mserve will manage student information appropriately and according to the institution’s direction. Muzna group will make a number of contractual commitments upon request to support educational institutions with whom MG has entered into a Subscription Agreement. Contact email@example.com for more information on these commitments or with any questions you may have about FERPA compliance with Mserve.
Financial institutions subject to the Gramm-Leach-Bliley Act (“GLBA”) must assess whether and how it may use cloud services like Mserve in compliance with GLBA requirements. We can help customers understand the privacy and security controls for our products. We contractually commit to maintaining certain security safeguards. Please contact firstname.lastname@example.org for more information on how we can support customers with obligations under GLBA.
The American Institute of Certified Public Accountants (AICPA) has developed the Service Organization Controls (SOC) framework, a standard for controls that safeguard the confidentiality and privacy of information stored and processed in the cloud. Muzna completes annual SOC 2 Type 2 and SOC 3 reports for our work execution platform. For more information on our SOC reports, please contact email@example.com.
Under the Health Information Portability and Accountability Act (HIPAA), certain information about a person’s health or health care services is classified as Protected Health Information (PHI). Unless you have signed a Business Associate Agreement with Muzna, you may not store PHI in Mserve. HIPAA compliance is dependent on your adherence to the Mserve HIPAA Implementation Guide. The guide provides information on features and security controls that must be adjusted to ensure HIPAA-compliance.