Security
MetaComet ensures trust in royalties and revenue sharing, and a critical part of that is security.
Security Program Highlights
Data Security
MetaComet encrypts data at rest and in transit. We enable HTTPS and use SSL database connections to protect sensitive data transmitted to and from our applications.
Application Security
MetaComet regularly engages some of the industry’s best application security experts for third-party penetration tests. Our penetration testers evaluate the source code, running application, and the deployed environment. We employ third parties to monitor application dependencies to mitigate vulnerabilities as they arise. Our development team backs all code with extensive tests, peer code reviews and static analysis tools.
Infrastructure Security
We use the Heroku platform to deploy our applications. Heroku’s Continuous Protection keeps data safe on Heroku Postgres databases. Every change to your data is written to write-ahead logs, which are shipped to multi-datacenter, high-durability storage. Each component is backed up to secure, access-controlled, and redundant storage. The Heroku platform allows for recovering databases to within seconds of the last known state, restoring system instances from standard templates, and deploying applications and data. In addition to standard backup practices, Heroku’s infrastructure is designed to scale and be fault tolerant by automatically replacing failed instances and reducing the likelihood of needing to restore from backup.
SOC 2 Type 2
MetaComet Systems, Inc. has successfully completed the AICPA Service Organization Control (SOC) 2 Type II audit. The audit confirms that MetaComet Systems, Inc.’s information security practices, policies, procedures, and operations meet the SOC 2 standards for security. MetaComet Systems, Inc. was audited by Prescient Assurance, a leader in security and compliance certifications for B2B, SaaS companies worldwide. Prescient Assurance is a registered public accounting firm in the US and Canada and provides risk management and assurance services, which include but are not limited to SOC 2, PCI, ISO, NIST, GDPR, CCPA, HIPAA, and CSA STAR.