1. Our approach
We build security into MARC from the ground up. We follow the principle of least privilege, default to encryption, and design our systems so that a single failure never becomes a breach. Our goal is that the platform you trust to check compliance is itself held to a high standard.
2. Infrastructure
MARC runs on reputable cloud infrastructure hosted in secure, audited data centres. Production environments are isolated from development and testing, and access to infrastructure is restricted, logged, and reviewed.
3. Encryption
- Data is encrypted in transit using TLS 1.2 or higher.
- Data at rest is encrypted using industry-standard algorithms.
- Secrets and credentials are stored in managed secret stores, never in source code.
4. Access controls
- Least-privilege access, granted only to those who need it.
- Multi-factor authentication on administrative accounts.
- Regular review and prompt revocation of access when roles change.
5. Application security
Security is part of our development lifecycle. We use code review, automated dependency and vulnerability scanning, and testing before changes reach production. We keep our software and dependencies up to date.
6. Monitoring & resilience
We monitor our systems for anomalies and maintain logging to support investigation and response. We perform regular backups and maintain processes to recover the Service in the event of an incident.
7. Data isolation & retention
Customer data is logically separated, and we handle it in line with our Privacy Policy. Scan content is retained according to your plan and can be deleted on request.
8. Responsible disclosure
We welcome reports from security researchers. If you believe you have found a vulnerability, please contact us with the details so we can investigate and respond promptly. We ask that you give us a reasonable opportunity to address the issue before any public disclosure.
9. Compliance
We align our practices with recognised security frameworks and are continually maturing our programme. Contact us if you need documentation or details to support your own vendor assessment.
Questions about this page? Email [email protected] or write to Mediacle Limited, 16 Upper Woburn Place, London, WC1H 0BS United Kingdom