Information Security Program. We will maintain an information security program (including the adoption and enforcement of internal policies and procedures) designed to (a) satisfy our security objectives, (b) identify reasonably foreseeable and internal risks to security and unauthorized access to our systems, and (c) minimize security risks, including through risk assessment and regular testing. We will designate one or more employees to coordinate and be accountable for the information security program.
Network Security. Our systems will be electronically accessible to employees, contractors and any other person as necessary to provide or improve our services. We will maintain access controls and policies to manage what access is allowed to our systems from each network connection and user, including the use of firewalls or functionally equivalent technology and authentication controls. We will maintain corrective action and incident response plans to respond to potential security threats impacting your data.
Physical Security. Our services utilize AWS cloud services and operate from AWS data centers. The physical security of AWS data centers is independently evaluated by an external auditor as part of ongoing AICPA SOC 2 audits, FedRAMP Moderate, and FedRAMP High assessments. You can obtain copies of these audit results and other AWS compliance reports from the AWS Artifact service.
Continued Evaluation.We will conduct periodic reviews of the security of our systems and adequacy of our information security program as measured against industry security standards and our policies and procedures.We will continually evaluate the security of our systems and associated services to determine whether additional or different security measures are required to respond to new security risks or findings generated by the periodic reviews. We may modify these MCF Security Standards from time to time but will continue to provide at least the same level of security as is described here.
