Microdynamics recognizes and appreciates the trust you place in us to process your work and we take that responsibility very seriously. We continue to do our best to ensure that our processes, controls, and standards provide the highest level of secured transaction mail services and produce the expected results. The Company has implemented extensive security measures, and continues to invest in process and technology improvements to ensure the integrity and security of client data and transaction mail.
Microdynamics SSAE16 initiative, formerly known as SAS70, represents a significant ongoing commitment to the quality, integrity, and security of services provided to you, our client, and by extension, to the services you offer to your customers. The current SSAE16 Type-2 audit for Processes and Systems Related to Transactional Mail Processing was completed for the period ending September 30th 2011 by Grant Thornton, LLP. Audit periods begin annually in October and are completed at the end of the following September. A corresponding Service Organization Control (SOC) Report is typically available during December.
Microdynamics regularly undergoes examinations and audits by various regulators including the Federal Financial Institutions Examination Council (FFIEC), and standards groups, e.g., the Payment Card Industry (PCI), as well as audits conducted by several of its largest clients. These examinations and audits typically include a full range of risk-based assessments of systems, security, standards, processes, and controls.
Microdynamics is in compliance with Payment Card Industry security standards adapted by MasterCard, Visa and American Express. An annual audit (PCI DSS SAQ) is conducted to ensure compliance with PCI standard and regular network security scans are conducted by an approved service provider.
Network & Data Security:
The Company uses a multi-layered approach to network and information security. Multiple separate firewalls and DMZs are deployed to handle pre-authorized circuit-based connections and support SFTP and internet-based VPN connections with our clients. Public-facing servers are deployed in DMZ segments behind internet firewalls.
Microdynamics systems perform real time network, systems, application, security performance, and software patch monitoring. Control alerts are generated when designated thresholds have been detected in any critical areas, and software patches and updates are automatically applied. Internal vulnerability and patch management scans are performed on a regular basis. Viruses and other malicious software are kept in check through network-edge anti-virus, anti-spyware and intrusion-prevention systems.
Access to Microdynamics facilities is managed by an integrated card-biometric access system and CCTV digital video recordings. A pre-authorized photo-ID badge with a matching biometric read is required. Security cameras are strategically located throughout each facility, providing ongoing CCTV surveillance and video retention.
Training & Confidentiality:
Employee training for security, confidentiality, privacy, and safety is conducted for new hires shortly after initial employment and is renewed annually thereafter. Employees are also required to sign Code-of-Conduct and Confidentiality agreements.