MRG’s Technology and our Commitment to Data Security
We ensure data is safe and protected by taking a multi-faceted approach to system security, including the implementation of appropriate technical and organizational security measures to protect the personal data we process from unauthorized or accidental disclosure, loss, theft, destruction, or access. Our measures are as follows:
- We only ever process personal data in line with all applicable Data Protection Laws, including the GDPR regulations.
- MRG operates within the European Commission’s current defined parameters, under Article 28 GDPR to rely on the new EU SCCs to transfer data safely from the European Economic Area to the United States. The European Commission’s SCCs and accompanying appendices, otherwise known as the “new” EU SCCs, are contract terms developed and approved by the European Commission to provide adequate protection for personal data when transferred internationally. MRG takes guidance from the European Data Protection Authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and complies with the advice given by such authorities with regard to all data transferred from the EU and Switzerland.
- MRG’s continued participation in the EU-U.S. Privacy Shield demonstrates a serious commitment to protect the personal information we process. We handle data in accordance with a set of privacy principles, that offer meaningful privacy protections and recourse for EU individuals.
- All internet traffic is encrypted using https standards and 256-bit SSL/TLS 1.2 encryption. We use hardware accelerated 256-bit AES encryption to completely encrypt database files on our servers.
- All enhancements to systems and products are subjected to a staging process where functionality, data security and impact on related systems are tested. MRG conducts structured tests from the programming and end-user requirements perspectives, prior to any release, and tests again post release.
- To safeguard our infrastructure and collected data, we have implemented comprehensive security practices that consist of penetration and vulnerability testing by third parties, employee and vendor confidentiality agreements, stringent password procedures, access protocols, and 24/7/365 performance monitoring.
- We have risk governing policies and procedures in place addressing infrastructure management, physical security measures on site, global compliance and regulatory requirements, system access control, secure, and business continuity and disaster recovery.
- MRG continues to invest in employee training, system infrastructure and the latest in security best practices to ensure our customer’s data is secure and protected.
MRG’s web-based software systems, Quest and Momentum, used to access our assessments and development planning tools, are compatible with the following browsers:
- Internet Explorer 8, 9, 10 and 11
- Microsoft Edge
- iOs 11.0 and higher
MRG’s systems will never install any client-side software and are 100% web-based. MRG’s physical Production and QA servers are hosted at iLand’s Data Center in Reston, VA, USA (Washington, D.C. area) which is SSAE-16 and SOC-2 compliant and replicated to redundant data centers in the United States.