Security & Compliance
Your security and trust are paramount. Learn about our comprehensive security practices and certifications.
At MERP Systems, we take security and data protection seriously. We maintain industry-leading security practices and hold multiple certifications to ensure your data is protected.
Security Infrastructure
Our infrastructure is built with security-first principles.
We leverage Microsoft Azure's enterprise-grade security infrastructure with SOC 2 Type II compliance and continuous threat monitoring.
All data in transit is encrypted using TLS 1.2+. Sensitive data at rest is encrypted using AES-256 encryption standards.
We implement role-based access control (RBAC) with multi-factor authentication (MFA) for all administrative access.
Our network is protected by advanced firewalls, intrusion detection systems, and DDoS mitigation.
Certifications & Compliance
We maintain multiple industry certifications to demonstrate our commitment to security.
- ISO 27001: Information Security Management System certification
- SOC 2 Type II: Service Organization Control audit for security, availability, and confidentiality
- FISMA Compliant: Federal Information Security Management Act compliance for government systems
- HIPAA Compliant: Health Insurance Portability and Accountability Act compliance for healthcare data
- GDPR Compliant: General Data Protection Regulation compliance for EU data protection
- FedRAMP: Federal Risk and Authorization Management Program authorization
Secure Development Practices
Security is integrated into every stage of our development process.
All code undergoes peer review with a focus on security vulnerabilities and best practices.
We use static application security testing tools to identify vulnerabilities early in development.
Third-party dependencies are regularly scanned for known vulnerabilities and kept up to date.
Our development team receives ongoing security training and stays current with security trends.
We conduct regular penetration testing and vulnerability assessments by third-party security experts.
Incident Response
We have a comprehensive incident response plan to quickly address any security issues.
Our incident response team is available 24/7 to respond to security incidents. We follow industry best practices including immediate investigation, containment, notification, and remediation. We maintain detailed logs and analytics to help prevent future incidents.
Vulnerability Disclosure
We welcome responsible security research and disclosure.
If you discover a security vulnerability, please report it to info@merpsystems.com with details about the issue. Please allow us 90 days to investigate and remediate before public disclosure. We appreciate your help in keeping our systems secure.
Employee Security
Our employees are trained and committed to security.
- Mandatory security awareness training for all employees
- Background checks and vetting for all staff
- Strict access controls based on job role and necessity
- Regular security briefings and threat updates
- Non-disclosure and confidentiality agreements
- Security incident reporting procedures
Business Continuity & Disaster Recovery
We maintain robust backup and disaster recovery procedures.
Our systems are deployed across geographically distributed data centers with automatic failover. We maintain regular backups with tested recovery procedures. For critical systems, our Recovery Time Objective (RTO) is 4 hours and our Recovery Point Objective (RPO) is 1 hour.
