Confidentiality, Integrity, and Protecting Client Data
At MPX, the confidentiality, integrity and availability of client data and processing services are at the core of our business. We go to great lengths to consistently meet and exceed expectations. Our information security program is built on the foundation of the NIST Cybersecurity Framework and CIS Critical Controls, with a “security first” approach to compliance.
CERTIFICATIONS
Going above and beyond to achieve the highest data security standards across the industries we serve.
We undergo annual third-party audits to test physical and logical security controls, backup and disaster recovery plans, and application development practices.
SSAE 18 Type II
Certified with SOC 2 standards under the SSAE 18 security protocol with annual third party audits.
HITRUST
Audited under some of the toughest security requirements in the healthcare industry.
HIPAA
Our control environment is designed to satisfy requirements for HIPAA compliance through high security standards and other rigorous certifications.
PCI Level 1
The Payment Card Industry (PCI) Security Program is designed to protect online and offline credit and debit card transactions from data theft and fraud. PCI Level 1 is the highest level of these standards.
our process
Reliability & Redundancy
MPX has embraced the increased security and scalability of the cloud era. Data is received and processed in our state-of-the-art Amazon Web Services processing infrastructure, and multi-region architecture provides for site resiliency and redundancy.
Compliance & Testing
MPX performs annual testing of physical and logical security controls, backup and disaster recovery plans, and application development practices. Additionally, MPX undergoes annual network and application penetration testing and third-party hosting providers are required to provide SOC and other relevant compliance documentation prior to any integration.
Business Continuity & Disaster Recovery
MPX maintains a redundant print production facility at a separate geographical location, which is tested annually and stocked with client materials for immediate use. MPX has a documented and tested disaster recovery plan that defines clear roles and processes for assessing the impact of a disaster and responding accordingly to restore services.
OUR PEOPLE
Always an MPX Priority
Employees are trained annually and monthly with rotating security topics in addition to training throughout the year when processes change. This commitment to security training ensures that everyone is aware, understands, and follows all documented procedures and data security requirements. New employees go through a rigorous background check and training program upon being hired. Our culture is one of significant cross-training and continuous improvement and information security is at the forefront for every employee.