Security Information

SSL Encryption

MyGov enforces a 100% HTTPS policy which encrypts all information being passed over the Internet using 256 Bit Strong SSL Encryption and uses Strict Transport Security (HSTS) to tell browsers that we use HTTPS only. Secure encryption and identity insurance is provided by Digicert, an independent SSL Certificate Authority. SSL is monitoring continuously to ensure MyGov maintains an A+ rating from Qualys’ SSL Labs, the premier SSL verification tool: See for yourself!

Servers / OS

MyGov uses dedicated servers running FreeBSD in a load-balancing, high availability cluster. This cluster features redundancy at the server, storage and database levels to provide self-healing and ultra-reliable service.

Secure Facility

MyGov collocates all servers at a Liquid Web facility. Liquid Web owns and operates five state-of-the-art, private data centers in Michigan, Arizona and Amsterdam, providing geographic redundancy, disaster recovery, and rapid content delivery. They are manned 24/7/365 by onsite, premium security and highly trained support technicians with some of the quickest response times in the industry. All facilities maintain strict certifications protecting the safety of your data, backed by a 100% power and network uptime SLA guarantee.

Monitoring Services

MyGov servers and services are monitored 24x7x365 by dedicated on-call staff. Additionally, Site24x7 provides third party monitoring which validates Customer uptime and provides an independent validation for the MyGov Service Level Agreement (SLA).

Backups

MyGov uses a secure off-site backup system that encrypts the backups before they even leave the servers as well as during transit to the remote storage facility. The remote storage facility has no access or keys to decrypt the data so in the event of a compromise the stored backup files are useless to an attacker. When a backup completes the remote storage facility locks the servers' access to the file to prevent an a compromised server being used to access or destroy the remote backups. The remote storage facility also uses redundant hard disks and an advanced filesystem that verifies backup data written to the disk correctly, and when read back it is also verified. If errors are detected they are automatically corrected. For redundancy, MyGov maintains at least seven days of backups in two different locations, namely Lansing, MI and Portland, OR.

PCI Compliance

For online payments using credit or debit cards, MyGov uses Pace Payment Systems which maintains PCI Compliance validated by Visa.

Data Ownership / Retrieval

All paying Customers utilizing the MyGov Services, as defined in the Subscription Services Agreement, retain an ownership right to their data and can download a backup copy of their data at anytime via the Site Administration page.