MR9 is more secure

In the last Team MR post, we told you about a big difference in the upcoming MR9 from MR8 is that it’s web based — meaning you can access it from anywhere. So it might seem counter intuitive to say that it will be more secure than MR8 residing in your office behind a firewall, but it is.

There are many ways MR9 improves on security. Here are the highlights (details below):

SOC2 compliant
Two-factor authentication for log-in
Complex passwords
Regular password updates
CAPTCHA
Automatic log-off
Cloud technology & protocols
No open ports
Client/order info remains confidential
Better than backup data mirroring & file duplication

Secure data handling confirmed by 3rd party

Liability concerns with storing data remotely have created a demand for assurance of the security, confidentiality, and privacy of information processed by these systems. This is especially strong with the type of sensitive legal and medical data stored in MR9.

To meet that demand, OMTI undergoes annual audits by independent 3rd-party CPAs of our controls and procedures for handling our clients’ data including data managed in the cloud. Security is covered in the SOC 2 standard, and OMTI is SOC2 Type 2 compliant, which is the higher standard of compliance in which CPAs audit us over a several month period each year.

You can request a copy of our current SOC 2 compliance report on our website.

Secure log-in options

MR9 and MR Connect include several optional security enhancements for logging in, such as two-factor authentication (2FA). 2FA is a more secure way to confirm a user’s identity by adding a second factor to signing in with a user name and password — such as a code sent to their cell phone that they must enter too.

You can also require that users have complex passwords, which are harder for hackers to break. And you can require that users periodically update their passwords — within a timeframe you determine.

MR9 will also use CAPTCHA to prevent bots from making automatic Forgot Password requests — a type of brute-force attack which creates excessive traffic on the server and could slow down your system.

Automatic log-off

To be compliant with general security rules for business applications, automatic log-off will be enforced in MR9 and MR Connect. The default is that users will be automatically logged out after 20 minutes of inactivity, but you can change that to be as little as 5 minutes or as long as an hour.

Users receive alerts at the end of periods of inactivity to extend their time before being automatically logged off — just like on banking sites.

Cloud technology & protocols

MR9 and MR Connect are housed in the cloud on Microsoft Azure Cloud Services — which in addition to a guaranteed 99.9% uptime, benefit from Microsoft’s dedicated resources and processes that guarantee the security and privacy of data on Azure, including various security certifications and following international standards for privacy controls in the cloud. These safeguards are beyond what a single agency could provide.

No open ports

MR9 is more secure than an in-house system in other ways — such as open port security: When trying to log into MR9 or MR Connect remotely without a secure connection, you do not need to keep the well-known default SQL port open; nor do you need to keep any custom ports open for MR Repository downloads.

Your information remains confidential

You maintain control of your files. We do not host files on our own servers– your files reside on Microsoft Azure Cloud Services. Your client/order information remains confidential.

Better than backup

With your MR data and repository files on Microsoft’s Azure’s Cloud Services, you no longer need a back-up system. Data is mirrored between servers in different locations — so even if one server were to go down, another server would be accessed immediately with no interruption in service and no lost data. Repository files are also protected similarly with duplicates stored in several locations.

Modernized security

MR9 is a major upgrade to your specialized business management software — and part of that is the enhanced security built into both MR9 and MR Connect from beginning to end.

Listed under MR9, Security | Tagged MR9

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.