Security Policy
This Security Policy is provided for informational purposes only and does not constitute a guarantee, warranty, or contractual commitment regarding the security of any system or data.
MNI takes cybersecurity and data protection seriously, including the security of our network and all MNI-owned websites. The measures described below reflect our current practices and are subject to change as technologies, threats, and business needs evolve.
Application Security
Website Encryption
Sessions between you and our websites operate over HTTPS and are protected using SSL/TLS encryption. We currently support modern cryptographic standards, including TLS 1.2 or higher, and use strong encryption key lengths where supported. MNI takes reasonable steps to align with applicable PCI DSS requirements for systems involved in payment processing. However, no method of transmission over the Internet is completely secure.
Network Firewall
MNI servers and network are protected behind commercial-grade firewall systems with intrusion prevention and malware detection capabilities. We also utilize threat intelligence and traffic filtering technologies designed to help identify and block malicious activity. Our network architecture includes protections intended to help mitigate Distributed Denial of Service (DDoS) attacks; however, no network can be made completely immune to all attack types.
Software Development Lifecycle (SDLC) Security
MNI employs structured development and review processes, including architecture review and code review, to promote secure software development practices. Development staff are trained on secure coding principles and are familiar with common industry risk frameworks such as the OWASP Top 10.
Sensitive User Information
MNI does not store customer credit card numbers on its servers. Payment transactions are processed by third-party payment processors, and MNI does not retain full cardholder data. Where applicable, tokenization and similar techniques may be used. We also do not require highly sensitive personal information such as social security numbers, birthdates, or medical information for our services. Where certain data must be stored, we employ encryption-at-rest and access controls designed to reduce risk.
User Account Access
User accounts on IndustrySelect and IndustryNet are protected by authentication credentials chosen by the user. Access to internal administrative systems is restricted to authorized MNI personnel and protected by additional controls, including multi-factor authentication (MFA) where appropriate.
Datacenter Protections
Physical Security
MNI hosts its applications in a datacenter in the Chicago area that employs physical access controls, monitoring, and security systems designed to restrict unauthorized entry and protect infrastructure.
Software Security
Patch Management
MNI maintains a patch management process intended to keep systems reasonably up to date with relevant security patches and supported software versions. Patch schedules and deployment timing may vary based on risk, operational impact, and testing requirements.
Security Incident Response
MNI maintains incident response procedures designed to support the investigation and management of security events. These procedures are periodically reviewed and refined. While we aim to respond promptly to significant incidents, response times and outcomes may vary depending on the nature and scope of the event.
Vulnerability Assessment & Penetration Testing
Vulnerability Assessment
MNI performs vulnerability assessments using a combination of automated tools and internal review processes. These may include static and dynamic analysis, configuration reviews, and external scanning.
Penetration Testing
MNI periodically engages third-party firms to perform penetration testing of certain systems and infrastructure components. Additional testing may be performed following significant system changes or architectural updates.
Employee Operations Security
Background Screening
MNI performs background screening on employees prior to granting access to sensitive systems, where permitted by law and appropriate for the role.
Policy Awareness
MNI employees receive training on company technology and security policies during onboarding and periodic refreshers thereafter. Employees are required to acknowledge their responsibility to follow these policies.
Remote Work
Remote access to MNI systems is governed by internal security policies and technical controls. Where applicable, VPN and multi-factor authentication are used to reduce risk. Employees are required to take reasonable steps to prevent unauthorized access to MNI systems and customer data.
Questions, comments, or feedback can be directed to:
MNI
Attention: Legal
1633 Central Street
Evanston, IL 60201
Email Legal