top of page
Combination Lock

Data & System Security

Here at merciglobal, we value our customers' data and system security above everything else.

Merciglobal Cloud ERP
Security Endpoints

01

Login Security

02

Database Security

03

Instance Security

01 - Login Security

  • User allowed to login from authorised computer / mobile device only. (Automatically applied)

    • User can login from any new device only after admin has authorised the new device.

    • In case a new device is detected for login, admin user is notified for the same, via an email having a link to authorise the user login from this new device.

    • Existing / older device(s) can be un-authorised for login.

    • Each user event is logged in binary audit log trails, available for access for each entry.

    • Sample screenshot of email sent to admin user

User Login Device Change Email
  1. User locked specific IP addresses for login.

    • Users can be limited to login from particular IP addresses only. More than one IP address can be set for required users, to allow them to login from multiple locations.​
       

  2. User allowed to login from specific geo location.
    • Users may be limited to login only from specific geo location, as detected by the computer/mobile.​
       

  3. User allowed to login during specific time of the day only.

    • Users may be restricted to login and work during specific hour of the day only.

  4. Login based on 2FA using google authenticator.

    • 2FA authentication can be enabled for the users to prevent un-authorised login access.

  5. Login based on OTP sent on SMS. (Least recommended)

    • Users may opt for OTP based login, in which case, the OTP is sent on user's registered mobile number.​
       

  6. Users may only have one active login session at a time. The user's previous session on the preceding device is automatically logged out if they log in from a different device.

02 - Database Security

  1. Merciglobal Cloud ERP is hosted on OCI - Oracle Cloud Infrastructure - with managed MySql Enterprise Database Server Instances.
     

  2. Separate database instance for each customer to prevent any data spillage or intrusion.

  3. Database Servers are located within Local VCN, Ingress & Outgress rules set to serve local associated instances only, previliged for local address within the allowed range of local IPs, within private subnet. Public access to the instances are not possible, and thus there is no chance for intrusion or hacking or any other possibility for database access from anywhere outside in the world.
     

  4. Clustered database under MySql Security Previleges.

  5. European GDPR compliance from OCI server side.

  6. Automated backups at 0100 HRS every night, on secondary backup server instance and iNetServer hosts for added data safety. Order placed starting Feb 13, 2024, a paid subscription is to be taken by client for automated backup mechanism.
     

  7. Linux Ubuntu host for MySql Database Servers to further add bulletproof security to database.
     

  8. Legal contract with all employees at Merciglobal to ensure no data is shared outside the scope of work by anyone in the organisation, governed by respective contractual laws.

03 - Instance Security

  1. Merciglobal Cloud ERP is hosted on OCI - Oracle Cloud Infrastructure - using latest release and patches of the Ubuntu - Linux operating system.
     

  2. Software and hardware firewalls further insure the system with prevention of hacking or intrusions.

  3. NGINX as web host, configured to prevent any DDOS attacks, handle huge work loads, prevent any SQL injections.
     

  4. File uploads / attachment uploads to server are pre-checked for presence of any malicious code. 

  5. Image uploads are automatically compressed in size, thereby preventing any un-authorised code from execution injected within the files.

  6. Direct execution of any OP code is not permitted in any form (Virus codes), as per server configuration and the web host configuration.
     

  7. Access to client project/data is granted to merciglobal team members only in case the client has raised a ticket request in their project. Only the person having the ticket can log into the system for the time he/she has checked in. All the keystrokes and updates/changes are recorded by the system to prevent any un-authorised access of data.
     

  8. Direct access to server only via Secure Shell Protocol (SSH), governed under Oracle Cloud Infrastructure Bastion service.

bottom of page