Security Policy
MNI takes cyber security and data protection seriously, including our network and all MNI-owned websites. Please see our documentation below and reach out with any questions.
Application Security
Website Encryption
Sessions between you and our websites operate over HTTPS and are protected with Secure Sockets Layer (SSL) encryption using 2,048-bit or better keys and Transport Layer Security (TLS) 1.2 or above. MNI takes regular steps toward PCI compliance, a rigorous data security standard for organizations that process credit card transaction.
Network Firewall
MNI servers and network are kept secure behind a commercial grade firewall with intrusion protection technology and real-time packet-by-packet anti-virus and anti-malware scanning. The MNI network contains Distributed Denial of Service (DDoS) prevention defenses to help keep our services active at all times.
Software Development Lifecycle (SDLC) Security
MNI implements human review processes, including architecture analysis during design and code review during coding and build, to ensure consistent quality in our software development practices. Development staff is familiar with and mitigates against the OWASP Top 10 Web Application Security Risks.
Sensitive User Information
We do not store any credit card information on our servers. Payments on all MNI websites are posted directly to our processor and no digital copies are retained. Additionally, we do not require any personally sensitive information for any of our services, such as your birthdate, social security number, or medical information.
User Account Access
User accounts on IndustrySelect and IndustryNet are only accessible to the account holder (anyone with the correct email and password), and select members of the MNI staff as needed for technical support and fulfillment of services.
Datacenter Protections
Physical Security
MNI hosts its own applications at its datacenter in a northern suburb of Chicago, USA. This datacenter features strictly managed physical access control, video surveillance, security systems, among other protective measures.
Software Security
Patch Management
MNI's patch management process ensures the latest patches and appropriate software versions are installed on all systems at regular intervals.
Security Incident Response
MNI's security incident response processes are defined during routine preparation activities and are refined through investigation follow-ups. We use standard incident response process structures to ensure that the right steps are taken at the right time.
Vulnerability Assessment & Penetration Testing
Vulnerability Assessment
MNI tests for potential vulnerabilities on a recurring basis. We run static code analysis and external vulnerability scans.
Penetration Testing
MNI leverages 3rd party penetration testing sites several times a year to test the MNI websites and network infrastructure.
Employee Operations Security
Background Screening
All MNI employees undergo background checks prior to gaining substantial access to customer data systems. MNI may rescind an employee's employment offer if their background check is found to be falsified, erroneous, or misleading.
Policy Awareness
MNI employees are provided training on the company's technologies policies during the onboarding process. All MNI personnel are then required to acknowledge that they have received and understand the technology policy.
Remote Work
All remote work must be performed in a manner consistent with MNI's security policies. VPN must be used for all connections with the MNI network. All of MNI's security settings must be followed for any equipment used to perform work. Employees must ensure no unauthorized individuals may view, overhear, or otherwise have access to MNI's customer data.
Questions, comments, or feedback can be directed to:
MNI
Attention: Legal
1633 Central Street
Evanston, IL 60201
Email Legal
|