Our Commitment to Security

security badge logo

You’ve trusted us with your data and your privacy, and we take that responsibility seriously. We employ both internal and external measures to ensure the security of your health and financial information.

SOC 2 logo
HIPAA compliance logo
PCI-DSS logo

Application Security

document and lock icon
Data is encrypted in transit with TLS 1.2 and at rest with AES, access controls, and secure configurations.
user access lock icon
Role-based user access controls restrict access to cardholder data, PII, and PHI.
cloud and lock icon
MWG cloud environments are backed by Microsoft Azure’s security measures.

An Ongoing Commitment to Vigilance

Today’s cybersecurity attacks are sophisticated and multi-vectored. So is our defense.

check mark iconPenetration Testing

Regular security assessments are conducted by independent third parties which includes internal penetration testing, external penetration testing, quarterly vulnerability scans, threat assessments, and social engineering testing.

check mark iconSecurity Awareness Training

Our employees complete required annual security awareness training covering industry-standard practices and information security topics such as phishing and password management.

check mark iconVendor Management

Our organization undergoes independent third-party assessments to test our security controls. In addition, we maintain a Vendor Management program to ensure vendors with whom we share data or outsource functions also have adequate security controls in place.

check mark iconRoles and Responsibilities

Roles and responsibilities related to our information security program and the protection of our customer’s data are well defined, documented and reviewed annually.

check mark iconInformation Security Program

We have an information security program in place that is communicated throughout the organization and acknowledged by employees. Our information security program uses a variety of policies and procedures that are reviewed annually and follow the criteria set forth by SOC 2.

check mark iconContinuous Monitoring

We continuously monitor our security and compliance status using internal and external platforms to ensure security controls and risks are assessed and analyzed at a frequency sufficient to adequately protect organizational information. In addition, we have an Enterprise Risk Management (ERM) program that considers and addresses cybersecurity risks with all levels of management and departments company-wide.