DATA SECURITY

Data Security at Mercans

Protecting our clients' data and earning their trust since 2003.

Mercans data security commitment

Mercans is dedicated to protecting the data of our customers and fighting fraud. We focus on making sure our robust data security measures meet and exceed industry best practices. We constantly improve and innovate these measures to keep up with the latest threats.

Your data, and your employees’ data, is always in protective hands with Mercans.

We’re serious about security

Through a layered security model, we provide our customers with the best possible protection. This includes multi-factor authentication and real-time fraud detection.

Keeping your data secure is non-negotiable

Mercans is the only payroll company in the world with all locations and processes covered by ISO and SOC 1 & 2 standards. Our platform complies with the strictest international standards and regulations.

GDPR

Avoid fines of EUR 250k (each occurrence) for mishandling EU nationals’ data.

SOC 1

External auditors confirmed that financial data provided by Mercans is reliable.

SOC 2

External auditors have confirmed that your data is protected by Mercans.

ISO 20000

Mercans’ services meet the international service management standards.

ISO 27001

Mercans systems are secure.

OWASP ASVS 3.0

Protection from cybersecurity risks.

ISO 27017

Mercans systems protect personally identifiable information (PII) on cloud services.

ISO 27018

Mercans services protect PII in cloud storage.

ISO 9001:2015

Mercans follows Quality Management Systems for process management and continuous improvement.

ISO 27701:2019

Mercans employs a PIMS framework to ensure data privacy as a PII processor.

SECURITY BY DESIGN

How our data security program helps you

This covers how we securely store and process the personal information of clients while offering them unrivaled privacy infrastructure, together with prescribing monitoring mechanisms and controls to ensure that privacy policies and procedures are effectively implemented.

Cloud Infrastructure

Network security

Clients can choose their preferred data processing centers and geofence the data.
Data centers are hot mirrored and completely autonomous.

OFFICE ACCESS

Workplace security

Clients can choose their preferred data processing centers and geofence the data.
Data centers are hot mirrored and completely autonomous.

END TO END ENCRYPTION

Information security

Secure data transfer

Confidential information is transmitted only via secure exchange portals.

Remote encryption

All workstations are equipped with remote encryption and boot locking software.

Virus protection

Active virus protection on all workstations.

Clean desk policy

All documents are to be kept in a locked drawer when not in use.

Server storage

No client data is stored on local devices. The information is accessed only when needed.

Office use only

No data or devices are to be removed from the place of work.

Password

All workstations are password protected and centrally managed with limited user access rights.

Backups

Daily backups of all workstations and other storage devices. Backups are encrypted and password protected.

No to spreadsheets

Sending personal employee data via email or storing information in spreadsheets is not a secure or reliable way to transfer data. With our solution, all employee data is stored in a secure platform.

Controlled Role Permissions

Mercans’ platform ensures only relevant personal data is viewable to authorized individuals. Access is based on consent and role-based access restrictions.

Password management

Account Security

All information is transmitted over TLS v1.2

We enforce the use of TLS v1.2 or higher.

Password token

1-hour token for creating a password.

Secure Password

A minimum password length of 8 characters is enforced.

2-step verification

2-step verification via Google Authenticator or SMS for admin accounts.

AES-256 Encryption

Big Data Security

Raw data can’t be accessed outside of the VM

SQL access only by a machine in the same virtual network

VM access only from predetermined IPs using SSA key with RSA algorithm

Load handling managed by multiple nodes accessing multiple replicated databases

Webapp security

Application Security

Penetration tests

Detect security issues before they happen, so they never do

Multiple Audits

Multiple audits to review internal records, processes and key system elements

Automated Verification

We enforce the use of TLS v1.2 or higher.

Precision Audits

We enforce the use of TLS v1.2 or higher.

DATA SECURITY & GOVERNANCE

Disaster recovery model

With a robust disaster recovery strategy and all our servers mirrored in real-time, you are assured that your data is always protected and accessible, whenever you choose to access it.
