GDPR
Avoid fines of EUR 250k (each occurrence) for mishandling EU nationals’ data.
DATA SECURITY
Data Security at Mercans
Protecting our clients' data and earning their trust since 2003.
Mercans data security commitment
Mercans is dedicated to protecting the data of our customers and fighting fraud. We focus on making sure our robust data security measures meet and exceed industry best practices. We constantly improve and innovate these measures to keep up with the latest threats.
Mercans is dedicated to protecting the data of our customers and fighting fraud. We focus on making sure our robust data security measures meet and exceed industry best practices. We constantly improve and innovate these measures to keep up with the latest threats.
Your data, and your employees’ data, is always in protective hands with Mercans.
We’re serious about security
Through a layered security model, we provide our customers with the best possible protection. This includes multi-factor authentication and real-time fraud detection.
Keeping your data secure is non-negotiable
Mercans is the only payroll company in the world with all locations and processes covered by ISO and SOC 1 & 2 standards. Our platform complies with the strictest international standards and regulations.
SOC 1
External auditors confirmed that financial data provide by Mercans is reliable.
SOC 2
External auditors have confirmed that your data is protected by Mercans.
ISO 20000
Mercans’ services meet the international service management standards.
ISO 27001
Mercans systems are secure.
OWASP ASVS 3.0
Protection from cybersecurity risks.
ISO 27017
Mercans systems are protecting personal identifiable information (PII) on cloud services.
ISO 27018
Mercans services are protecting PII in cloud storage.
ISO 9001:2015
Mercans follows Quality Management Systems for process management and continuous improvement.
GDPR
Avoid fines of EUR 250k (each occurrence) for mishandling EU nationals’ data.
SOC 1
External auditors confirmed that financial data provide by Mercans is reliable.
SOC 2
External auditors have confirmed that your data is protected by Mercans.
ISO 20000
Mercans’ services meet the international service management standards.
ISO 27001
Mercans systems are secure.
OWASP ASVS 3.0
Protection from cybersecurity risks.
ISO 27017
Mercans systems are protecting personal identifiable information (PII) on cloud services.
ISO 27018
Mercans services are protecting PII in cloud storage.
ISO 9001:2015
Mercans follows Quality Management Systems for process management and continuous improvement.
How our data security program helps you
This covers how we securely store and process the personal information of clients while offering them unrivaled privacy infrastructure, together with prescribing monitoring mechanisms and controls to ensure that privacy policies and procedures are effectively implemented.
Cloud Infrastructure
Network security
Clients can use choose their preferred data processing centers and geo fence the data.
Data centers are hot mirrored and completely autonomous.
OFFICE ACCESS
Workplace security
Clients can use choose their preferred data processing centers and geo fence the data.
Data centers are hot mirrored and completely autonomous.
END TO END ENCRYPTION
Information security
Secure data transfer
Confidential information is transmitted only via secure exchange portals.
Remote encryption
All workstations are equipped with remote encryption and boot locking software.
Virus protection
Active virus protection on all workstations.
Clean desk policy
All documents are to be kept in a locked drawer when not in use.
Server storage
No client data is stored on local devices. The information is accessed only when needed.
Office use only
No data or devices are to be removed from the place of work.
Password
All workstations are password protected and centrally managed with limited user access rights.
Backups
Daily backups of all workstations and other storage devices. Backups are encrypted and password protected.
No to spreadsheets
Sending personal employee data via email or storing information in spreadsheets is not a secure or reliable way to transfer data. With our solution, all employee data is stored in a secure platform.
Controlled Role Permissions
Mercans’ platform ensures only relevant personal data is viewable to authorized individuals. Access is based on consent and role-based access restrictions.
Secure data transfer
Confidential information is transmitted only via secure exchange portals.
Remote encryption
All workstations are equipped with remote encryption and boot locking software.
Virus protection
Active virus protection on all workstations.
Clean desk policy
All documents are to be kept in a locked drawer when not in use.
Server storage
No client data is stored on local devices. The information is accessed only when needed.
Office use only
No data or devices are to be removed from the place of work.
Password
All workstations are password protected and centrally managed with limited user access rights.
Backups
Daily backups of all workstations and other storage devices. Backups are encrypted and password protected.
No to spreadsheets
Sending personal employee data via email or storing information in spreadsheets is not a secure or reliable way to transfer data. With our solution, all employee data is stored in a secure platform.
Controlled Role Permissions
Mercans’ platform ensures only relevant personal data is viewable to authorized individuals. Access is based on consent and role-based access restrictions.
Password management
Account Security
All information is transmitted over TLS v1.2
We enforce the use of TLS v1.2 or higher.
Password token
1 hour token for creating a password.
Secure Password
Minimum of 8 character password is enforced.
2-step verification
2-step verification via Google Authenticator or SMS for admin accounts.
All information is transmitted over TLS v1.2
We enforce the use of TLS v1.2 or higher.
Password token
1 hour token for creating a password.
Secure Password
Minimum of 8 character password is enforced.
2-step verification
2-step verification via Google Authenticator or SMS for admin accounts.
AES-256 Encryption
Big Data Security
Raw data can’t be accessed outside of the VM
SQL access only by a machine in the same virtual network
VM access only from predetermined IP’s using SSA key with RSA algorithm
Load handling managed by multiple nodes accessing multiple replicated databases
Raw data can’t be accessed outside of the VM
SQL access only by a machine in the same virtual network
VM access only from predetermined IP’s using SSA key with RSA algorithm
Load handling managed by multiple nodes accessing multiple replicated databases
Webapp security
Application Security
Penetration tests
Detect security issues before they happen, so they never do
Multiple Audits
Multiple audits to review internal records, processes and key system elements
Automated Verification
We enforce the use of TLS v1.2 or higher.
Precision Audits
We enforce the use of TLS v1.2 or higher.
Penetration tests
Detect security issues before they happen, so they never do
Multiple Audits
Multiple audits to review internal records, processes and key system elements
Automated Verification
We enforce the use of TLS v1.2 or higher.
Precision Audits
We enforce the use of TLS v1.2 or higher.
DATA SECURITY & GOVERNANCE
Disaster recovery model
With a robust disaster recovery strategy and all our servers mirrored in real-time, you are assured that your data is always protected and accessible, whenever you choose to access it.
