Security


We understand the concerns you may have with ordering product online. When Mountain Glass was founded in 2002, we were using a startup type of basic software. We realized, however, that we would need to upgrade in order to grow the business, provide the top-notch customer service we had in mind, and handle security and privacy concerns. We spent quite a long time on research and settled on a new program to run our business. We also realized that if we were to maintain our own servers on site, it would be quite a job for us and a security liability for you. We are pleased to report our provider uses the same industry-leading technology used by large banks, corporations and government agencies. We are confident they are doing everything possible to provide data security. Here are some specific examples of why we feel we have industry-leading data security in the glass industry.
 
Payments
All payments are handled by VeriSign, the industry leader in web security. VeriSign will route, process, and secure any payment you make on our site using 128-bit SSL (Secure Sockets Layer) protection.
 
Credit Cards
After you provide us with your credit card number, either over the phone or via the website, it is saved in our system. None of us at MGA will ever be able to see your complete card number again; we will only be able to see the last four digits for reference. The full card number is stored off site and will be retrieved by VeriSign when processing is required.
 
Data Center Security
The data center ensured security and redundancy across its operations to provide high levels of security for both the physical and electronic infrastructure of the network. The network was built to meet or exceed commercial telecommunications standards worldwide for availability, integrity and confidentiality. Security features are designed to deter, detect and deny access to unauthorized parties.
 
Backup Power Systems-Uninterruptible Power Source (UPSs)
Our provider has designed a solution for continuous power. The UPSs are provisioned in an N+1 configuration and support all customers' AC equipment. Each UPS battery system is designed to carry full load for 15 minutes without a generator. Emergency generators typically provide back-up power in less than 10 seconds and are sized to support the entire facility at maximum load.
 
Physical Access to the Data Center
The secure center is co-located within a guarded third party data center. The physical structure maintains stringent physical security policies and controls to allow unescorted access to the collocation areas for pre-authorized personnel. The first layer of security includes Photo ID proximity Access Cards. Proximity card reader devices are located at major points of entry and are used to secure critical areas within the overall data center. All perimeter doors are alarmed and monitored. Authorized customers and vendors are required to have a validated palm scan to enter the collocation area. The access control system continuously monitors and logs all entry ways. Access records are stored for reference.

* Guarded Premises - On-premise security guards monitor all traffic and ensure that entry processes are correctly followed.
* Photo ID Card - Operations staff members are required to provide data center-authenticated photo ID cards prior to gaining admittance to the facility.
* Palm Identification System - The Palm Identification System is linked to the access card system. Once the individual swipes the card, he or she must place a hand in the palm scan for final authorization.
* Portals and Man Traps - Single-person man traps guarantee that only one person is authenticated at one time to prevent "tailgating".
* Video Surveillance - The data center maintains video surveillance cameras with pan-tilt-zoom capabilities, located at points of entry to the collocation and other secured areas within the perimeter. Video is monitored and is stored for review for non-repudiation.

N+1 Systems 
Many layers in the system implement an N+1 system of redundancy. This design allows one or more elements to fail without any interruption in service by having multiple, redundant systems online to automatically assume processing on behalf of the failed component.
 
Our System
From its inception our system was architected to provide thorough security measures throughout the application and to deter any attack that would jeopardize the integrity of a customer's data.
 
Application-only Access
The system is divided into layers that separate data from the application itself. This provides you with the assurance that users of the application cannot ever access your data to maliciously alter or copy it.
 
Role-level Access, Idle Disconnect and Account Lockout
Each end user is assigned a specific role with specific permissions to only see and use the features related to his or her own job. The system also detects idle connections and automatically locks the browser screen to prevent someone else from sitting at your computer and using your access. Also, if anyone tries to access the application by guessing at a person's ID and password, the account will be locked after several attempts.
 
Our Provider
They take proactive measures to ensure that the application is safe from internet attacks. All of the servers are behind a firewall to prevent users from accessing them other than by specifically allowed protocols and methods. Additionally, securely designed segregated networks, load balancers with "denial of service" countermeasures, and application-layer filters create layers of protection against malicious acts.
 
128-bit Secure Sockets Layer Data Encryption
From the moment we or our employees access the application login screen, the data is protected. Your unique ID and password, as well as all data in the subsequent connection are encrypted with 128-bit SSL, the same level of transaction security currently utilized by some of the world's largest Web banking and commerce businesses.

* Continual Monitoring - Our Provider uses a battery of scans and intrusion detection systems (IDS) to identify any vulnerability within our network. We block unauthorized attempts to access our data center, and we log and investigate any unauthorized connection attempts.
* Complete Audit Trail - Our Provider continuously maintains a complete audit trail. It tracks each transaction by the user login details and provides a timestamp for each event.
* Testing and Maintenance - Just like the systems they protect, the processes that govern availability are continuously tested, improved and maintained. Process management is governed by industry best-practices. Our provider subjects all of its processes and procedures to regular third-party audits as part of its commitment to quality.

Privacy
All information gathered on this site is confidential and will never be shared with other organizations. We treat it as if it were our own.