Security

Organizational Security

Information Security Program
We have an Information Security Program in place that is communicated throughout the organization. Our program follows the criteria set forth by the SOC 2 Framework, a widely known information security auditing procedure created by the American Institute of Certified Public Accountants.

Third-Party Audits
We undergo independent third-party assessments to test our security and compliance controls.

Third-Party Penetration Testing
We perform annual independent third-party penetration tests to ensure the security posture of our services remains uncompromised.

Roles and Responsibilities
Roles and responsibilities related to our Information Security Program and the protection of customer data are well-defined and documented. All team members are required to review and accept our security policies.

Security Awareness Training
Team members participate in security awareness training covering industry best practices and topics such as phishing and password management.

Confidentiality
All team members sign and adhere to a standard confidentiality agreement prior to their first day of work.

Background Checks
We perform background checks on all new team members in accordance with local laws.

Cloud Security

Cloud Infrastructure Security
Our cloud environments are backed by Microsoft’s security measures.

Data Hosting Security
All data is stored in the United States.

Encryption at Rest
Databases are encrypted at rest.

Encryption in Transit
Applications encrypt data in transit exclusively with TLS/SSL.

Vulnerability Scanning
We perform regular vulnerability scanning and actively monitor for threats.

Logging and Monitoring
We actively monitor and log various cloud services.

Business Continuity and Disaster Recovery
We utilize backup services from our data hosting provider to mitigate the risk of data loss during hardware failures. Monitoring services alert our team to issues affecting users.

Incident Response
We have a defined process for handling security events, including escalation procedures, rapid mitigation, and communication.

Access Security

Permissions and Authentication
Access to cloud infrastructure and sensitive tools is limited to authorized employees who require it for their role. We implement single sign-on (SSO), two-factor authentication (2FA), and strong password policies wherever possible.

Least Privilege Access Control
We follow the principle of least privilege for identity and access management.

Quarterly Access Reviews
Access reviews are performed quarterly for all team members with sensitive system access.

Password Requirements
Team members must adhere to strict password requirements to ensure access security.

Password Managers
Company-issued laptops are equipped with password managers to maintain password complexity and security.

Vendor and Risk Management

Annual Risk Assessments
We conduct annual risk assessments to identify potential threats, including fraud risks.

Vendor Risk Management
Vendor risk is evaluated, and appropriate reviews are performed before authorizing new vendors.

Contact Us

If you have any questions or concerns, or wish to report a potential security issue, please contact support@marketpush.com.