TMS Security – A Thorough and Comprehensive Security Program

Superior SaaS Security

Two decades dedicated to true SaaS-based performance have taught us extensive best practices, not just in transportation management, but platform security as well. The result is our comprehensive and thoroughly tested security program. Our security program combines policies and procedures with physical and logical security controls and a complete compliance program, encompassing both national and international requirements. Our policies and procedures undergo continuous improvement along with verification from independent auditors and regular penetration testing.

Data Defense

A key area of our security program focuses on data protection. All data that resides on backup media and archive locations is encrypted. Backups of all data, project documents and other critical business data and system assets are completed on a defined schedule and copies of the logical backups are replicated across a high-speed secure circuit to our disaster recovery data center. Backups are then stored on encrypted media with restricted access. Customer data is stored on servers that use leading technology and techniques to reduce points of failure and data loss. Our software infrastructure is updated regularly with the latest security patches.

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.

Extensive application Security

Application security is essential throughout the development lifecycle and beyond. Our engineers are trained to ensure secure code is developed and implemented across all MercuryGate IT systems and applications. Practices such as prepared statements, SQL injection and cross site scripting are followed to prevent even sophisticated attacks. Static scans of the code base and dynamic scans of the applications are conducted to identify any vulnerabilities. When vulnerabilities are discovered they are prioritized and remediated as part of patch releases and/or scheduled as part of future product releases.
MercuryGate Security Icon

Ongoing Operational Management

All new hires receive comprehensive security training. All staff receive annual security refresher training. In addition, simulated phishing software is regularly deployed to ensure staff know how to identify potentially harmful emails. We understand the value of your data and are committed to applying our extensive experience and cutting-edge capabilities to protect it.

Security threats are ever changing, and we are continuously evolving to keep up. Our team is always evaluating new security risks and implementing updated countermeasures to prevent unauthorized access or unplanned downtime of our systems and/or services.

Physical Security and Protections on Site

Unlike the majority of TMS providers, MercuryGate is both SOC 1 and SOC 2 compliant. All servers/systems are physically secured in Tier III certified data centers. The facilities are audited under SSAE 18 SOC 2 Type II, PCI-DSS, GLBA and HIPAA standards annually and are ITAR and EU-US Privacy Shield registered. This includes the following security controls and physical protections:

Learn How Our Integrated Security Features Can Benefit Your TMS Platform Needs