You’ve placed your trust in us. We don’t take that responsibility lightly.
Users have been trusting MPOWR with their information since 2006, and we do our best to meet and exceed the industry standard in information security to justify your trust.
Key Security Features
World-Class Data Centers
MPOWR Community server infrastructure is hosted on Amazon Web Services. The AWS compliance program is designed to follow international security standards and regulations, while protecting confidentiality and data privacy. Data centers provide the necessary means to operate 24 x 7 and protect data from physical damage and network issues.
When you access MPOWR Community, SSL technology protects your information using both server authentication and data encryption in transit. We use TLS with up to 256-bit AES encryption as supported by the client. Data at rest is protected using FIPS 140-2 standards-compliant encryption. Backups are encrypted with AES-256.
MPOWR has established a comprehensive, audit-ready information security management framework that helps us ensure you are as confident with MPOWR hosting your data as if it were stored locally within your own network. This is accomplished by assessing risks and continually improving security, confidentiality, integrity, and availability of the service. We regularly review and update security policies, carry out internal security training, perform application and network security testing, monitor compliance with security policies, and conduct internal and external risk assessments.
MPOWR leverages an industry-leading, standards-based identity management and user authentication platform that includes breached password detection and brute force attack prevention. Users choose whether to authenticate with a salted and hashed username/password combination, or through Single Sign-On (SSO) with their favorite social provider account such as Google or Facebook. Either way, the only one who ever knows your password is you.
Security in Development
MPOWR develops software using agile development processes, and we apply the same approach to security. Just as this enables us to rapidly develop and update our software to meet customers’ evolving needs, it also allows us to quickly target and fix newly discovered security vulnerabilities within strictly enforced time frames.
Independent 3rd Party Evaluation
MPOWR utilizes independent vulnerability scanning and detection services to identify and prevent security bugs and vulnerabilities in our services and products, including guarding against common web application attacks (XSS, SQL injection, CSRF, etc.) where applicable. MPOWR is audited annually in order to maintain our AICPA SOC 2 certification.
All payment-related services are provided by Authorize.net, one of the most reliable payment processors in the industry. This is confirmed by a PCI DSS certificate of the highest level. Nobody at MPOWR can store or access sensitive payment information.
Data is stored in a failover cluster that is backed up continuously as data changes occur. Encrypted backups are retained for 30 days. No matter what happens, your data will stay safe. Backups of the database are stored separately from the main data center across multiple availability zones.
The customer is in control of their own user account. Role-based access control allows you to ensure each user can only access the information they need to in order to do their work. Access to server infrastructure and databases by the MPOWR team is strictly regulated and is performed for support and maintenance purposes only.
No, without your request and permission no one can view your organization’s data. MPOWR restricts access to the production environment to a limited number of IP addresses and associates responsible for support and maintenance of our infrastructure environment.
Currently, there is no HIPAA compliance certification specifically for software. However, MPOWR Community is fully compliant with the data encryption standards set forth by the Department of Health and Human Services HIPAA Breach Notification Rule safe harbor which are published here.
Additionally, MPOWR includes a Business Associate Agreement that is built into our standard Terms of Service for customers who are Covered Entities or Business Associates of Covered Entities as defined in the Health Insurance Portability and Accountability Act (HIPAA) of 1996, and who subscribe to the specific products and/or services which are included in the agreement.
We provide the same high levels of security to all customers, no matter what plan they use. Customer data is encrypted in transit and at rest to ensure no one can access your sensitive information who isn’t supposed to.
We take our responsibility and your trust in us seriously. MPOWR’s comprehensive information security management program is independently verified by 3rd party auditors, and designed to continuously assess risks and improve the security, confidentiality, integrity, and availability of the service.
Once you have used MPOWR Community, we know you will love it so much you will never want to cancel! But if something does happen and you need to cancel your account, don’t worry. You can always export a copy of your data with the tools that are available in the software. After an account has been cancelled, MPOWR retains a copy of your data for up to 30 days, and then that data is deleted from our systems in accordance with our Data Deletion Policy.