MNI takes cyber security and data protection seriously, including our network and all MNI-owned websites. Please see our documentation below and reach out with any questions.
Sessions between you and our websites operate over HTTPS and are protected with Secure Sockets Layer (SSL) encryption using 2,048-bit or better keys and Transport Layer Security (TLS) 1.2 or above. MNI takes regular steps toward PCI compliance, a rigorous data security standard for organizations that process credit card transaction.
MNI servers and network are kept secure behind a commercial grade firewall with intrusion protection technology and real-time packet-by-packet anti-virus and anti-malware scanning. The MNI network contains Distributed Denial of Service (DDoS) prevention defenses to help keep our services active at all times.
Software Development Lifecycle (SDLC) Security
MNI implements human review processes, including architecture analysis during design and code review during coding and build, to ensure consistent quality in our software development practices. Development staff is familiar with and mitigates against the OWASP Top 10 Web Application Security Risks.
Sensitive User Information
We do not store any credit card information on our servers. Payments on all MNI websites are posted directly to our processor and no digital copies are retained. Additionally, we do not require any personally sensitive information for any of our services, such as your birthdate, social security number, or medical information.
User Account Access
User accounts on IndustrySelect
are only accessible to the account holder (anyone with the correct email and password), and select members of the MNI staff as needed for technical support and fulfillment of services.
MNI hosts its own applications at its datacenter in a northern suburb of Chicago, USA. This datacenter features strictly managed physical access control, video surveillance, security systems, among other protective measures.
MNI's patch management process ensures the latest patches and appropriate software versions are installed on all systems at regular intervals.
Security Incident Response
MNI's security incident response processes are defined during routine preparation activities and are refined through investigation follow-ups. We use standard incident response process structures to ensure that the right steps are taken at the right time.
Vulnerability Assessment & Penetration Testing
MNI tests for potential vulnerabilities on a recurring basis. We run static code analysis and external vulnerability scans.
MNI leverages 3rd party penetration testing sites several times a year to test the MNI websites and network infrastructure.
Employee Operations Security
All MNI employees undergo background checks prior to gaining substantial access to customer data systems. MNI may rescind an employee's employment offer if their background check is found to be falsified, erroneous, or misleading.
MNI employees are provided training on the company's technologies policies during the onboarding process. All MNI personnel are then required to acknowledge that they have received and understand the technology policy.
All remote work must be performed in a manner consistent with MNI's security policies. VPN must be used for all connections with the MNI network. All of MNI's security settings must be followed for any equipment used to perform work. Employees must ensure no unauthorized individuals may view, overhear, or otherwise have access to MNI's customer data.
Questions, comments, or feedback can be directed to:
1633 Central Street
Evanston, IL 60201