Security Practices, Policies, & Infrastructure
We understand the confidentiality, integrity, and availability of your information are all vital to your business’s and our own success.
We use a multi-layered approach to protect your information; constantly monitoring and improving our applications, systems, and processes to meet your growing security demands.
Altogether, our comprehensive tools, best practices, and strict policies work to ensure your data is rigorously protected and secure.
This document outlines some of the mechanisms and processes we’ve implemented to help ensure your data is protected. Our security practices are grouped in four different areas: Network Security, People Processes, Physical Security, and Redundancy and Business Continuity.
Security Certifications
SOC 2 is an evaluation of the design and operating effectiveness of controls that meet the AICPA’s Trust Services Principles criteria. The following are the Trust Service Principles:
Security: The system is protected against unauthorized access (both physical and logical).
Availability: The system is available for operation and use as committed or agreed.
Processing Integrity: System processing is complete, accurate, timely, and authorized.
Confidentiality: Information designated as confidential is protected as committed or agreed.
Privacy: Personal information is collected, used, retained, disclosed, and destroyed in conformity with the commitments in the entity’s privacy notice and with criteria set forth in generally accepted privacy principles issued by the AICPA and CICA.
Network Security
Our network security and infrastructure protect your data against the most sophisticated electronic attacks. The following is a subset of our network security practices, stated broadly for security purposes. If you require more details, please contact us.
- 128/256-bit SSL. The communication between your computer and our servers is encrypted using strong 128-bit keys (256-bit keys in many cases). This means even if the information traveling between your computer and our servers is intercepted, it would be nearly impossible for anyone to make any sense of it.
- IDS/IPS. Our network is gated and screened by powerful and certified Intrusion Detection/Intrusion Prevention Systems.
- Control and Audit. All access is controlled and audited.
- Secured/Sliced Down OS. MadeMarket applications run inside a secured, sliced-down operating system engineered for security that minimizes vulnerabilities.
- Virus Scanning. Traffic coming into MadeMarket Servers is automatically scanned for harmful viruses using state-of-the-art virus scanning protocols updated regularly.
People Processes
MadeMarket employs world-class best practices for managing security and data protection risks.
Designing and running data center infrastructure requires more than just technology, but a disciplined approach to people-driven processes. This includes policies about escalation, management, knowledge sharing, risk, as well as day-to-day operations.
- Select Employees. Only employees with the highest clearance have access to our data center data. Employee access is logged and passwords are strictly regulated. We limit access to customer data to only a select few of these employees who need it to provide support and troubleshooting on our customers' behalf.
- Audits. Audits are regularly performed and the whole process is reviewed by management.
- As-Needed Basis. Accessing data center information as well as customer data is done on an as-needed only basis and only when approved by the customer (i.e. as part of a support incident), or by senior security management to provide support and maintenance.
Physical Security
Our data centers are hosted in some of the most secure facilities available today in locations that are protected from physical and logical attacks and natural disasters.
- 7x24x365 Security. The data centers that host your data are guarded seven days a week, 24 hours a day, each and every day of the year by security guards.
- Video Monitoring. Each data center is monitored 7x24x365 by state-of-the-art electronic surveillance.
- Controlled Entrance. Access to the MadeMarket data centers is tightly restricted and access is authorized strictly.
- Biometric, two-Factor Authentication. Two forms of authentication, including a biometric one, must be used together at the same time to enter a MadeMarket data center.
- Undisclosed locations. MadeMarket servers are located inside generic-looking, undisclosed locations that make them less likely to be a target of an attack.
- Multiple Geographic Regions. Geographic redundancy allows your data to remain resilient in the face of most failure modes, including natural disasters or system failures.
Redundancy and Business Continuity
One of the foundational principles of cloud computing is the acknowledgment and assumption that computer resources will at some point fail. We have designed our systems and infrastructure with that in mind.
- Power Redundancy. MadeMarket configures its servers for power redundancy – from power supply to power delivery.
- Internet Redundancy. MadeMarket is connected to the world and you through multiple Tier-1 ISPs. So if any one fails or experiences a delay, you can still reliably get to your applications and information.
- Redundant Network Devices. MadeMarket runs on redundant network devices (switches, routers, security gateways) to avoid any single point of failure at any level on the internal network.
- Redundant Cooling and Temperature. Intense computing resources generate a lot of heat and thus need to be cooled to guarantee a smooth operation. MadeMarket servers are backed by N+2 redundant HVAC systems and temperature control systems.
- Geo Mirroring. Customer data is mirrored in a separate geographic location for Disaster Recovery and Business Continuity purposes. Please note geo mirroring is available on select products and plans.
- Fire Prevention. The MadeMarket data centers are guarded by industry-standard fire prevention and control systems.
- Data Protection & Back-up. User data is backed-up periodically across multiple servers, helping protect the data in the event of hardware failure or disaster.
For more information on our security policy and certifications, please contact security@mademarket.co
Vulnerability Reporting
MadeMarket values the work done by security researchers in improving the security of our service offerings and we are committed to working with the community to verify, reproduce, and respond to legitimate reported vulnerabilities. To report a security issue please contact security@mademarket.com
Try it today
Find your team or create a new one