In the meantime, please reach out to email@example.com for additional documentation around Mercu’s vendor security and data compliance information.
Data submitted to Mercu by authorised users are considered confidential. All data processed to and from Mercu infrastructure are encrypted with TLS v1.2. All data is encrypted at rest using industry-standard AES-256 encryption algorithms.
Our infrastructure is continually monitored for security vulnerabilities and updates applied automatically.
- Access Control Policy
- Asset Management Policy
- Business Continuity and Disaster Recovery Plan
- Code of Conduct
- Cryptography Policy
- Data Management Policy
- Human Resource Security Policy
- Incident Response Plan
- Information Security Policy
- Information Security Roles and Responsibilities
- Operations Security Policy
- Physical Security Policy
- Risk Management Policy
- Secure Development Policy
- Third-Party Management Policy
All employees are required to encrypt their hard drives, and all servers and databases are inside of AWS VPC with access controls following the principle of least privilege. All employee access to systems are logged and audited for security purposes.
Access to customer data requires authentication and authorization controls, including Multi-Factor Authentication (MFA). Mercu has implemented controls to ensure the integrity and confidentiality of administrative credentials and access mechanisms.
We also maintain separate development, testing and production environments.