MRG’s Technology and our Commitment to Data Security
We ensure data is safe and protected by taking a multi-faceted approach to system security:
- We are in full compliance with current GDPR regulations.
- MRG operates within the European Commission’s current defined parameters (as of July 2020) to continue to use SCCs to transfer data safely from the EU and Switzerland to the United States. The European Commission’s SCCs, otherwise known as model contracts or clauses, are contract terms developed and approved by the European Commission as ensuring adequate protection for data subjects in accordance with the EU Data Protection Directive 95/46/EC when transferring personal data from the EEA to the U.S.
- MRG has proven, demonstrated commitment to safe data transit principles, including use of European EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and complies with the advice given by such authorities with regard to all data transferred from the EU and Switzerland.
- MRG remains certified with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce.
- All internet traffic is encrypted using https standards and 256-bit SSL/TLS 1.2 encryption. We use hardware accelerated 256-bit AES encryption to completely encrypt database files on our servers.
- All enhancements to systems and products are subjected to a staging process where functionality, data security and impact on related systems are tested. MRG conducts structured tests from the programming and end-user requirements perspectives, prior to any release, and tests again post release.
- To safeguard our infrastructure and collected data, we have implemented comprehensive security practices that consist of penetration and vulnerability testing by third parties, employee and vendor confidentiality agreements, stringent password procedures, access protocols, and 24/7/365 performance monitoring.
- We have risk governing policies and procedures in place addressing infrastructure management, physical site security, global compliance and regulatory requirements, system access control, secure, and business continuity and disaster recovery.
- MRG continues to invest in employee training, system infrastructure and the latest in security best practices to ensure our customer’s data is secure and protected.
MRG’s web-based software systems, Quest and Momentum, used to access our assessments and development planning tools, are compatible with the following browsers:
- Internet Explorer 8, 9, 10 and 11
- Microsoft Edge
- iOs 11.0 and higher
MRG’s systems will never install any client-side software and are 100% web-based. MRG’s physical Production and QA servers are hosted at iLand’s Data Center in Reston, VA, USA (Washington, D.C. area) which is SSAE-16 and SOC-2 compliant and replicated to redundant data centers in the United States.