SECURITY ASSURANCE PROGRAMS
MergerWare, through its partnership with Amazon Web Services (AWS) and Microsoft (Azure) supports a vast array of compliance programs and adheres to the highest security and data protection standards available.
The importance of maintaining the integrity and security of confidential data cannot be underestimated and typically arise at three points during the M&A transaction:
- First, the pre-deal phase where the seller must make sufficient sensitive – corporate and personal information available to bidders and buyers while protecting it adequately.
- Second, full company evaluation by the prospective purchaser as part of the due-diligence process.
- Third and finally, the transition phase where data is being transferred or exchanged, or the networks of the two companies are being integrated while continuing to support corporate operations.
MergerWare ensures security at all key points of the transaction as well as ensuring network, storage, host and operating system security
SOC Reports
Service Organization Control (SOC) Reports are independent third-party examination reports that demonstrate how AWS achieves key compliance controls and objectives. The purpose of these reports is to help you and your auditors understand the AWS controls established to support operations and compliance. The SOC 2 Security & Availability and SOC 3 Security Reports are prepared in accordance with Attestation Standard Section 101 (AT 101) which is a standard that enables an auditor to report on subject matter relevant to Security Availability, Processing Integrity, Confidentiality, or Privacy and Trust Services Principles and Criteria.
EU GDPR
The EU Data Protection Directive refers to the Directive on the protection of individuals with regard to the processing of personal data and on the free movement of such data (also known as Directive 95/46/EC). Broadly, this Directive sets out a number of data protection requirements, which apply when personal data is being processed.
MergerWare customers can choose to use one region, all regions or any combination of regions where their data will be stored. This allows customers with specific geographic requirements to establish environments in a location(s) of their choice.
QUALYS SSL Labs
SSL Labs is a collection of documents, tools and thoughts related to SSL. It’s an attempt to better understand how SSL is deployed, and an attempt to make it better.
Every instance provided by MergerWare to its clients is certified by SSL Labs as having A+ RATING, the highest possible rating in the industry
CLOUD SECURITY ALLIANCE
MergerWare and AWS participate in the Cloud Security Alliance (CSA). CSA is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, certification, events and products. CSA’s activities, knowledge and extensive network benefit the entire community impacted by cloud —providers and customers, to governments, entrepreneurs and the assurance industry — and provide a forum through which diverse parties can work together to create and maintain a trust cloud ecosystem
PENETRATION TESTING
A penetration test, colloquially known as a pen test, is an authorized simulated attack on a computer system, performed to evaluate the security of the system. The test is performed to identify both weaknesses (also referred to as vulnerabilities), including the potential for unauthorized parties to gain access to the system’s features and data, as well as strengths, enabling a full risk assessment to be completed. The ability to pass such a test is a testimony of a platform’s robustness.
MergerWare is certified by TÜV SÜD South Asia for Vulnerability Assessment & Penetration Testing.
ISO 27001
MergerWare is in process of achieving an active Information Security Management System (ISMS) aligned with ISO 27001. This is an international security management standard that specifies security management best practices and comprehensive security controls following the ISO 27002 best practice guidance.
PLATFORM SECURITY FEATURES
NETWORK SECURITY
- All network interactions are on TLS (TLS 1.0 / 1.1/1.2)
- TLS termination on Load balanced NGINX server
- Connections from App server and DB server are on TLS
- A+ rating awarded by SSL Labs
- Multi Factor authentication is on by default
Host Security
- All partitions (Root and mounted ones) are encrypted
- Restrictive AWS Security Group definition
- Database installed on secure host with encrypted partition
Storage Security
- AWS Simple Storage Service (S3) has server side encryption enabled in all buckets
- All documents are AES (256) encrypted and stored in S3. This is done at application layer to prevent worst case scenario of leaks at AWS level
- All backups are encrypted and stored in S3
- S3 guarantees 99.999999999% durability
OS Security
- Customised hardened Ubuntu machine image (AMI)
- Host firewall, intrusion detection, prevention
- Monitoring tools
Amazon Web Services (AWS) Certifications and Assurance Programs
