Security on the Mercury Network

Security & Gramm-Leach-Bliley Act Compliance

At a la mode, we take the job of protecting your data and that of your customers very seriously. We have implemented systems and policies to ensure that your data is safe and compliant. Mercury Network, VMP XSites, and SureDocs fully comply with the FTC regulations regarding the Gramm-Leach-Bliley Act. This document describes the areas affected and falling under the Act along with a description of how we safeguard data and maintain compliance.

Protection from unauthorized access during the report upload process

Documents and data uploaded to our servers are protected by a 1024 bit SSL connection. This means that every piece of data viewed and every document opened is protected by this encryption.

Protection while recipients retrieve reports

In order to comply with the Safeguards and Privacy rules of the GLB Act, our products do not send reports or documents as attachments to e-mail messages.  E-mail is only used to send notifications and instructions for retrieving to recipients. Reports are retrieved from Mercury Network across secure encrypted HTTPS web connections.

Protection from unauthorized access while in our custody

Once in our custody, electronic access to reports and data is restricted to key personnel who develop and maintain the systems. We implement a hardware firewall solution that prevents direct access to any of our servers from outside the building.

Physical access to the data is protected in our network operations center by multiple layers of security. Physical access from outside the building to the general offices is secured by electronic card access. Anyone without a security badge is not even able to enter the general offices. Once inside the general offices, access to the network center itself is again limited by card access to key personnel who maintain the systems. Logs are kept of all access to any door.  a la mode will comply with all applicable state and federal laws requiring notification in the event of a breach of personal information.

Protecting data from power failure and disaster

All reports and data sent on Mercury Network is hosted at a la mode's state of the art data center located in Oklahoma City, Oklahoma. In addition, we have two backup data centers, one in Salt Lake City and another one in Oklahoma City.  Each of the data centers houses at least one redundant system and boasts redundant power employing uninterruptible power supplies and generators capable of supplying them with power for an indefinite period of time. In the event of a disaster affecting the physical location of the Oklahoma City data center, a la mode is capable of becoming fully functional by employing a combination of the three alternate data centers.

Definitions

Gramm-Leach-Bliley

The Gramm-Leach Bliley (i.e., GLB) Act requires financial institutions to take steps to ensure the security and confidentiality of "customer" records such as names, addresses, phone numbers, bank and credit card account numbers, income and credit histories, and Social Security numbers. The GLB Act broadly defines "financial institution" as any institution engaging in the financial activities enumerated under the Bank Holding Company Act of 1956, including "making, acquiring, brokering, or servicing loans" and "collection agency" services. The GLB Act requires government agencies that regulate financial institutions to implement regulations to carry out the Act's financial privacy provisions. The regulations required all covered businesses to be in full compliance by July 1, 2001.

HTTPS

(Hypertext Transfer Protocol over Secure Socket Layer, or HTTP over SSL) is a Web protocol, developed by Netscape, built into browsers, that encrypts and decrypts user page requests as well as the pages that are returned by the Web server. HTTPS is the use of Secure Socket Layer (SSL) as a sub-layer under its regular HTTP application layering. (HTTPS uses port 443 instead of HTTP port 80 in its interactions with the lower layer, TCP/IP.)

SSL: Secure Sockets Layer 

Used by most commerce servers on the World Wide Web, this high-level security protocol protects the confidentiality and security of data while it is being transmitted through the Internet. Based on RSA Data Security's public-key cryptography, SSL is an open protocol that has been submitted to several industry groups as the industry security standard. Denoted by the letters HTTPS in the URL.