TMS Security – A Thorough and Comprehensive Security Program

Superior SaaS Security

Two decades dedicated to true SaaS-based performance have taught us extensive best practices, not just in transportation management, but platform security as well. The result is our comprehensive and thoroughly tested security program. Including our award-winning TMS achieving the highest Service Organization Controls (SOC) designation with a Type 2 SOC 2 examination. Our security program combines policies and procedures with physical and logical security controls and a complete compliance program, encompassing both national and international requirements. Our policies and procedures undergo continuous improvement along with verification from independent auditors and regular penetration testing.

Connect and learn more today
Type 2 SOC2 Certification
“Delivering the world’s best TMS to our customers is the foundation of MercuryGate,” MercuryGate President & CEO Joe Juliano. “From roadmap expansion to working with our customers during the unprecedented disruption in the global supply chain, our focus on transportation management and our commitment to security are unprecedented in the industry.”

Read the full news release

Data Defense

A key area of our security program focuses on data protection. All data that resides on backup media and archive locations is encrypted. Backups of all data, project documents and other critical business data and system assets are completed on a defined schedule and copies of the logical backups are replicated across a high-speed secure circuit to our disaster recovery data center. Backups are then stored on encrypted media with restricted access. Customer data is stored on servers that use leading technology and techniques to reduce points of failure and data loss. Our software infrastructure is updated regularly with the latest security patches.

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.

Extensive application Security

Application security is essential throughout the development lifecycle and beyond. Our engineers are trained to ensure secure code is developed and implemented across all MercuryGate IT systems and applications. Practices such as prepared statements, SQL injection and cross site scripting are followed to prevent even sophisticated attacks. Static scans of the code base and dynamic scans of the applications are conducted to identify any vulnerabilities. When vulnerabilities are discovered they are prioritized and remediated as part of patch releases and/or scheduled as part of future product releases.
MercuryGate Security Icon

Ongoing Operational Management

All new hires receive comprehensive security training. All staff receive annual security refresher training. In addition, simulated phishing software is regularly deployed to ensure staff know how to identify potentially harmful emails. We understand the value of your data and are committed to applying our extensive experience and cutting-edge capabilities to protect it.

Security threats are ever changing, and we are continuously evolving to keep up. Our team is always evaluating new security risks and implementing updated countermeasures to prevent unauthorized access or unplanned downtime of our systems and/or services.
  • Systems are configured to provide only essential capabilities and specifically prohibit or restrict the use of functions, ports, protocols, and/or services that are not required for the business function of the information system.
  • Servers are not allowed direct access to the internet and are deployed behind several boundary protection devices (firewall, IPS/IDS).
  • An incident, detection and response system has been implemented to monitor MercuryGate’s environment to ensure proactive detection and response to threats, intrusions, and attacks 24/7/365.
Schedule a Demo Today

Physical Security and Protections on Site

Unlike the majority of TMS providers, MercuryGate is both SOC 1 and SOC 2 compliant. In fact, MercuryGate reached the highest Service Organization Controls (SOC) designation with a Type 2 SOC 2 examination. All servers/systems are physically secured in Tier III certified data centers. The facilities are audited under SSAE 18 Type 2 SOC 2, PCI-DSS, GLBA and HIPAA standards annually and are ITAR and EU-US Privacy Shield registered. This includes the following security controls and physical protections:
  • 24x7x365 electronic and physical security
  • Two-factor authentication, including the use of biometric scanners
  • CCTV surveillance, with a minimum of 90 days of retention
  • Wet/Dry Fire Suppression System
  • VESDA – Very Early Smoke Detection Alarm
  • Fully 2N A-side and B-side power distribution design
  • Two fully redundant 2MW diesel generators with 4,000 gallons fuel storage
  • Both A- and B-side electrical systems w/ modular I,200kW high-efficiency UPS systems
  • Eight (8) 300kVA Power Distribution Units (PDU) with branch circuit monitoring
Download the TMS Security Brochure

Learn How Our Integrated Security Features Can Benefit Your TMS Platform Needs

Contact Us