Microdynamics Group recognizes and appreciates the trust you place in us to process your work, and we take that responsibility very seriously. We continue to do our best to ensure that our processes, controls, and standards provide the highest level of secured transaction communication services. The Company has implemented extensive security measures, and continues to invest in the people, process controls, and technology improvements that ensure the integrity, confidentiality, and security of client data and transaction communications.
Service Organization Control Reports
Microdynamics SSAE‐18 Service Organization Control (SOC) audits represent a significant ongoing commitment to the quality, integrity, and security of services provided to you, our client, and by extension to the services you offer to your customers. The current SOC1 Type‐2 audit was completed by Dixon Hughes Goodman, LLP for the period ending September 30th, 2018. MDG also conducts a SOC2 Type‐2 audit based upon the AICPA Trust Principles and controls related to Security, Confidentiality, and Availability. Audit periods begin annually on October 1st and are concluded on September 30th of the following year. SOC Audit Reports for each period are typically available to clients beginning in December.
MDG is in compliance with GLBA, HIPAA, IRS Pub‐1075, and IRS Pub‐4812 information security regulations and standards relevant to transaction communication service providers. MDG regularly undergoes information security examinations and audits by regulators including the Federal Financial Institutions Examination Council (FFIEC) and the IRS. Several clients also conduct risk assessments and audits to support their compliance requirements. These examinations and audits typically include a full range of risk‐based assessments of systems, security, standards, processes, and controls.
Microdynamics is also in compliance with Payment Card Industry security standards required by MasterCard, Visa and American Express. An annual audit (PCI DSS SAQ) is conducted to ensure compliance with the PCI standard and regular network security scans are conducted by an approved service provider.
Network & Data Security
MDG has implemented redundant circuits with carrier diversity, and a multi‐layered approach to network and information security. Separate firewalls and DMZs are deployed to handle pre‐authorized circuit‐based connections and support SFTP and internet‐based VPN connections. Firewalls are configured to monitor, detect, and prevent intrusions and/or botnet traffic that may be related to a DDoS attack. Public‐facing servers are deployed in DMZ segments behind internet firewalls.
Microdynamics systems perform real‐time network, systems, application, security, performance, and software patch monitoring. Internal and external vulnerability and patch management scans are performed on a regular basis. Control alerts are generated when designated thresholds are reached in critical areas, and software patches and updates are routinely applied. Viruses and other malicious software are kept in check through network‐edge anti‐virus, anti‐spyware, and intrusion‐prevention systems.
Access to Microdynamics facilities is managed by an integrated card‐biometric access system and CCTV digital video recordings. A pre‐authorized photo‐ID badge with a matching biometric read is required. Security cameras are strategically located throughout each facility, providing ongoing CCTV surveillance and video retention.
Applicant screening conducted during the hiring process includes E‐Verify (Department of Homeland Security), a multi‐jurisdictional 10‐year criminal background check, credit history review, and substance screening. Random substance screening is conducted monthly, and background rescreening is conducted every 3 years. Some employees also undergo additional IRS‐required background screening.
Training & Confidentiality
Employee training for security, confidentiality, privacy, and safety is completed for new hires within 30 days of initial employment and is renewed annually thereafter. Employees are also required to sign Code‐of‐Conduct and Confidentiality agreements. Some employees also complete additional IRS‐required security and compliance training.