Security culture is the set of values shared by everyone on the MemberzPlus team. This determines how people think about and approach security. Getting security culture right helps develop a security-conscious workforce and promote the desired behaviors.
A quick Google search on the definition of “security” returns as the first result: “the state of being free from danger or threat.” Unfortunately, there is no such state in the realm of applications such as MemberzPlus. We serve as a conduit and repository of information that is not only valuable to our customers but also can have value to others who would look to exploit that data for gain. Because of this, the threat is ever-present, and we can never be completely free from danger or threat as the definition above states. But before we get overly gloomy and defeatist, I would point out that we are not powerless victims destined for exploitation at the hands of an unseen menace. There are plenty of actions we can take to protect our operations and our data, and the MemberzPlus team is committed to doing just that to protect us from the villainous threat.
The MemberzPlus application is provided within a Software as a Service (SaaS) model. This means we are not just giving you a disc or license key to install our application in your environment. Instead, we are providing not only the application software but also the application server, database server, hosting hardware, and the physical facility that houses it all. Since we are taking on most of the infrastructure requirements and lessening those of our customers, we are also taking on a greater share of the security responsibility. Given that, it is not hard to see that this SaaS model demands that we take a well-defined and comprehensive approach to security. An important aspect of that approach is having a playbook to follow and feedback on existing security measures. With that in mind, I want to provide you a brief overview of some of the things we use to guide our effort regarding securing MemberzPlus.
One of the key aspects of our overall security policy is that we don’t just trust ourselves in all this. We also depend on an outside party to help us make sure we are not overlooking something. This is primarily in the form of an annual SOC 1 - SSAE 18 Audit. That terminology may not have meaning to all of you; it is essentially a systematic review of the processes, procedures and controls we have in place regarding security, performed by an outside auditor trained and accredited to do so. The audit is broken down into a number of areas to include:
The above is just a brief description of the major topics in the audit. During the audit process each topic is broken down into very specific sub-elements that we are evaluated on to demonstrate compliance. The comprehensive and rigorous nature of this audit helps give us confidence that we are taking reasonable and sufficient measures to safeguard our MemberzPlus data and operations. We routinely share these audit results with our customers to display the detailed items covered and the auditor’s findings on each item.
While the SOC audit is the most comprehensive review we undergo, there are a number of other tools that we use to help us make MemberzPlus even more secure. Among these are:
We leave you with one last definition: Google tells us that “mitigate” is to “make less severe, serious, or painful”. At MemberzPlus we know that the safety and security of our customers’ data and operational transactions is our business. I have outlined a few of the steps we take to help us audit and manage our efforts to provide that security. Though we may never totally be free from threat when it comes to security, the MemberzPlus team believes our vigilant and systematic approach to security does greatly mitigate that threat.
Mr. Riley joined the company in 1998 as an experienced developer in Oracle and PL/SQL. He has been a technical lead and task manager on numerous high-visibility projects within Ross Group’s Veterinary Solution Division and now with MemberzPlus. These tasks include the initial go-live implementations at numerous large teaching hospitals as well as a migration of the product from a client/server model to a three-tier application server model. Mr. Riley served as an officer in the United States Marine Corps and as a task lead at Computer Sciences Corporation (CSC) prior to joining Ross Group. He holds bachelor’s degrees in Aviation Management and Computer Sciences.