Security Assurance Programs
The cyber, data security and privacy considerations during a transaction arise in three phases. First, the pre deal due diligence and how the seller can make sufficient sensitive – corporate and personal – information available to bidders and buyers while protecting it adequately. Second, evaluation by the prospective purchaser of the state of security and privacy – for instance, protection of corporate data assets – at the target company and any representations it has made to customers or regulators in those areas as part of the due diligence process. Third and finally, the transition phase where data is being transferred or exchanged, or the networks of the two companies are being integrated while continuing to support corporate operations. The importance of data – either intellectual property or customer information – as a corporate asset of the target entity will drive the attention that is given to the security and protection of that data.
MergerWare, through its partnership with Amazon Web Services (AWS) and Microsoft (Azure) supports a vast array of compliance programs. MergerWare adheres to the highest security and data protection standards available in the cloud.
Service Organization Control (SOC) Reports are independent third-party examination reports that demonstrate how AWS achieves key compliance controls and objectives. The purpose of these reports is to help you and your auditors understand the AWS controls established to support operations and compliance.The SOC 2 Security & Availability and SOC 3 Security Reports are prepared in accordance with Attestation Standard Section 101 (AT 101) which is a standard that enables an auditor to report on subject matter relevant to Security Availability, Processing Integrity, Confidentiality, or Privacy and Trust Services Principles and Criteria
The EU Data Protection Directive refers to the Directive on the protection of individuals with regard to the processing of personal data and on the free movement of such data (also known as Directive 95/46/EC). Broadly, this Directive sets out a number of data protection requirements, which apply when personal data is being processed.
MergerWare customers can choose to use one region, all regions or any combination of regions where their data will be stored. This allows customers with specific geographic requirements to establish environments in a location(s) of their choice
QUALYS SSL LABS
SSL Labs is a collection of documents, tools and thoughts related to SSL. It's an attempt to better understand how SSL is deployed, and an attempt to make it better.
Every instance provided by Mergerware to its clients is certified by SSL Labs as having A+ RATING ,the highest possible rating in the industry
Cloud Security Alliance
MergerWare and AWS participate in the Cloud Security Alliance (CSA). CSA is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, certification, events and products. CSA’s activities, knowledge and extensive network benefit the entire community impacted by cloud — from providers and customers, to governments, entrepreneurs and the assurance industry — and provide a forum through which diverse parties can work together to create and maintain a trusted cloud ecosystem
A penetration test, colloquially known as a pen test, is an authorized simulated attack on a computer system, performed to evaluate the security of the system. The test is performed to identify both weaknesses (also referred to as vulnerabilities), including the potential for unauthorized parties to gain access to the system's features and data,as well as strengths,enabling a full risk assessment to be completed.
MergerWare has been certified by leading global Pen test companies and is a testimony of its robustness
MergerWare is in process of achieving an active Information Security Management System (ISMS) aligned with ISO 27001. ISO 27001 is an international security management standard that specifies security management best practices and comprehensive security controls following the ISO 27002 best practice guidance.