At CFG Merchant Solutions™, we take security very seriously.
CFG Merchant Solutions™ Compliance and Security teams establish policies and controls, monitor compliance with those controls, and prove our security and compliance to third-party auditors.
Our policies are based on the following foundational principles:
Access should be limited to only those with a legitimate business need and granted based on the principle of least privilege.
Security controls should be implemented and layered according to the principle of defense-in-depth.
Security controls should be applied consistently across all areas of the enterprise.
The implementation of controls should be iterative, continuously maturing across the dimensions of improved effectiveness, increased auditability, and decreased friction.
CFG Merchant Solutions prioritize the security and privacy of our customers’ data. Our infrastructure and processes are designed to meet the highest standards, including adherence to SOC 2 compliance requirements.
We are committed to achieving and maintaining SOC 2 compliance, focusing on the Trust Services Criteria:
Our security measures include:
CFG Merchant Solutions provides comprehensive security training to all personnel upon onboarding and annually through educational modules. All new engineers also attend a mandatory live onboarding session focused on secure coding principles and practices.
We engage independent auditors to assess our compliance with SOC 2 standards. These assessments validate our commitment to maintaining robust security controls.
In the event of a security incident, we have a comprehensive response plan to address and mitigate potential impacts. To report a security concern, please contact us at security@cfgms.com
Security is an ongoing priority. We regularly review and update our policies and practices to adapt to emerging threats and evolving industry standards.
