Data Center and Network Security
MiCOM Labs hosts all of its software and data with industry-standard providers in the USA. Our providers have an extensive list of compliance and regulatory assurances including ISO 27001. All of MiCOM Labs servers are located within MiCOM Labs’s own private servers, protected by restricted security groups, allowing only the minimal required communication to and between the servers. MiCOM Labs conducts third-party network vulnerability scans at least annually.
All connections to MiCOM Labs are encrypted using SSL. Any attempt to connect over HTTP is redirected to HTTPS. We maintain an A grade for Qualys/SSL Labs. All customer data is encrypted at rest and in transit. Restricted access to specific production systems. Data access and authorizations are provided on a need-to-know basis and based on the principle of least privilege. Access to the production system is restricted to authorized personnel and is carried out using a VPN.
Web application architecture and implementation follow OWASP guidelines. MiCOM Labs login requires strong passwords. User passwords are salted, irreversibly hashed, and stored in MiCOM Labs’s database. Audit logging lets administrators see when users last logged in.
All access to MiCOM Labs applications is logged and audited. Logs are kept for at least one year. MiCOM Labs maintains a formal incident response plan for major events.