Security

Security Assurance Programs

The cyber, data security and privacy considerations during a transaction arise in three phases. First, the pre deal due diligence and how the seller can make sufficient sensitive – corporate and personal – information available to bidders and buyers while protecting it adequately. Second, evaluation by the prospective purchaser of the state of security and privacy – for instance, protection of corporate data assets – at the target company and any representations it has made to customers or regulators in those areas as part of the due diligence process. Third and finally, the transition phase where data is being transferred or exchanged, or the networks of the two companies are being integrated while continuing to support corporate operations. The importance of data – either intellectual property or customer information – as a corporate asset of the target entity will drive the attention that is given to the security and protection of that data.

MergerWare, through its partnership with Amazon Web Services (AWS) and Microsoft (Azure) supports a vast array of compliance programs. MergerWare adheres to the highest security and data protection standards available in the cloud.

SOC Reports

Service Organization Control (SOC) Reports are independent third-party examination reports that demonstrate how AWS achieves key compliance controls and objectives. The purpose of these reports is to help you and your auditors understand the AWS controls established to support operations and compliance.The SOC 2 Security & Availability and SOC 3 Security Reports are prepared in accordance with Attestation Standard Section 101 (AT 101) which is a standard that enables an auditor to report on subject matter relevant to Security Availability, Processing Integrity, Confidentiality, or Privacy and Trust Services Principles and Criteria

EU GDPR

The EU Data Protection Directive refers to the Directive on the protection of individuals with regard to the processing of personal data and on the free movement of such data (also known as Directive 95/46/EC). Broadly, this Directive sets out a number of data protection requirements, which apply when personal data is being processed.

MergerWare customers can choose to use one region, all regions or any combination of regions where their data will be stored.  This allows customers with specific geographic requirements to establish environments in a location(s) of their choice

QUALYS SSL LABS

SSL Labs is a collection of documents, tools and thoughts related to SSL. It's an attempt to better understand how SSL is deployed, and an attempt to make it better.

Every instance provided by Mergerware to its clients is certified by SSL Labs as having A+ RATING ,the highest possible rating in the industry

Cloud Security Alliance

MergerWare and AWS participate in the Cloud Security Alliance (CSA). CSA is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, certification, events and products. CSA’s activities, knowledge and extensive network benefit the entire community impacted by cloud —providers and customers, to governments, entrepreneurs and the assurance industry — and provide a forum through which diverse parties can work together to create and maintain a trust cloud ecosystem

PENETRATION TESTING

A penetration test, colloquially known as a pen test, is an authorized simulated attack on a computer system, performed to evaluate the security of the system. The test is performed to identify both weaknesses (also referred to as vulnerabilities), including the potential for unauthorized parties to gain access to the system's features and data,as well as strengths,enabling a full risk assessment to be completed.

MergerWare has been certified by TÜV SÜD South Asia for Vulnerability Assessment & Penetration Testing  and is a testimony of its robustness.

ISO 27001

MergerWare is in process of achieving an active Information Security Management System (ISMS) aligned with ISO 27001. ISO 27001 is an international security management standard that specifies security management best practices and comprehensive security controls following the ISO 27002 best practice guidance. 

Platform Security Features

Network Security

All network interactions are on TLS (TLS 1.0 / 1.1/1.2)

 

TLS termination on Load balanced NGINX server

 

Connections from App server and DB server are on TLS

 

A+ rating awarded by SSL Labs

 

Multi Factor authentication is on by default

Storage Security

AWS Simple Storage Service (S3) has server side encryption enabled in all buckets

 

All documents are AES (256) encrypted and stored in S3. This is done at application layer to prevent worst case scenario of leaks at AWS level

 

All backups are encrypted and stored in S3

 

S3 guarantees 99.999999999% durability

Host Security

All partitions (Root and mounted ones) are encrypted

 

Restrictive AWS Security Group definition

 

Database installed on secure host with encrypted partition

Operating System Security

Customised hardened Ubuntu machine image (AMI) with host firewall, intrusion detection, prevention and monitoring tools