Security Measures

Governance and Organization

Our information security program is led by our Chief Information Officer, who is responsible for security strategy, risk management, compliance with applicable information security and data protection laws, and oversight of operational security (including review of alerts, logs, and metrics). The Chief Information Officer also serves as our internal Data Protection Officer.

Frameworks and Certifications

MTech’s information security program incorporates best practices from industry-standard frameworks, such as ISO 27001 and the NIST Cybersecurity Framework (CSF). MTech is SOC2 Type 2 attested by an independent third-party auditor.

You can learn more about our certifications at https://mtechsystems.io/trust-center.

Our SOC2 Type 2 report is available on request, subject to a customary non-disclosure agreement.

Data Categories Processed

MTech’s platform and services primarily process data related to livestock production operations and supply chain management. Most data comprise metrics such as animal counts, feed usage, production yields, environmental conditions, and cost tracking, sourced from systems and devices that subscribers choose to connect.

Personal data is not the primary type of data handled by MTech. Our focus is on operational, production, and supply chain data to support livestock management and business decision-making.

Data Subject Rights and Privacy Requests

MTech supports data subject rights under applicable privacy laws. You can read more about how we handle requests for access, rectification, deletion, or restriction of processing of personal data in our Privacy Policy available at https://mtechsystems.io/legal/privacy-policy/.

Core Security Principles

The foundation of our information security program is to prevent unauthorized access to subscriber data.

• Information Handling. All information assets are classified using a formal classification matrix, with designated roles and ownership assigned throughout the organization to ensure accountability and proper stewardship.
• Data in Transit. All data transferred between subscriber systems and MTech services is protected using strong encryption protocols, specifically Transport Layer Security (TLS 1.2 or higher).
• Data at Rest. All data stored within MTech’s platform is encrypted at rest using the Advanced Encryption Standard (AES-256).
• Data Segmentation. MTech’s platform operates within a secure cloud environment, and each subscriber’s data is logically separated to ensure privacy and isolation.
• Encryption Keys. Encryption keys are managed securely within Microsoft Azure, with regular rotation and access controls in accordance with industry best practices.

Zero-Trust Framework

MTech employes a zero-trust strategy across all environments, whether internal or customer based. The Zero-Trust Framework is based on three core principles.

• Verify Explicitly. Every access request is authenticated and authorized based on all available data.
• Use Least Privileged Access. Limit user access to only what is necessary.
• Assume Breach. Design systems with the expectation that breaches will occur.

Hosting

MTech’s platform and services are hosted on Microsoft Azure. Subscribers can select their preferred hosting location to meet business, regulatory, or data residency requirements.

Operational Security and Monitoring

Our platform and services are constantly monitored for deviations, anomalies, and suspicious patterns. We monitor subscriber accounts and user activities, including privileged accounts. Different types of traffic and behavior are analyzed to identify deviations and enable rapid response through automated alerts. Product availability and performance are continuously tracked using dedicated monitoring services. Monitoring and alerting controls are regularly reviewed and updated to reflect evolving threats and operational requirements.

Threat Intelligence and Risk Analysis

Cyber-attack threat analysis via Microsoft Defender, Microsoft Sentinel, and Blue Voyant helps the MTech Security Team to identify risks from external hackers, internal sabotage, and geopolitical threats. Focus is on detecting and preventing ransomware, activism-driven attacks, and attacks on sensitive data such as our source code and subscriber data.

• Microsoft Defender. MTech uses Microsoft Defender for Endpoint, Identity, Office 365, and Cloud Apps. Defender for Endpoint provides real-time blocking and threat protection. Defender for Identity protects Active Directory from lateral movement and credential theft. Defender for Office 365 enhances email hygiene and phishing protection. Defender for Cloud Apps monitors shadow IT and app anomalies.
• Microsoft Sentinel. Sentinel serves as MTech’s SIEM platform, aggregating logs from Defender and other sources. It supports analytics, alerting, and automation, and is integrated with BlueVoyant’s SOC for 24/7/365 managed detection and response. Security incidents are triaged by BlueVoyant and escalated to internal MTech personnel where applicable.
• BlueVoyant. BlueVoyant provides 24/7/365 SOC coverage, threat intelligence, and monthly reporting via the Wavelength portal. It supports endpoint quarantine, file deletion, and whitelisting under pre-approved protocols. SSO integration with Entra ID ensures secure access to the portal.

Access Management Controls

MTech implements robust access management controls to ensure that only authorized individuals can access our systems and data. Access rights are granted based on the principles of need-to-know and least privilege, ensuring users have only the permissions necessary for their roles and responsibilities.

• Authentication. We secure accounts with strong authentication measures, including multi-factor authentication (MFA), hardware tokens, and single sign-on (SSO).
• Privileged Access. Privileged access is strictly limited to authorized personnel. All activities performed with elevated rights are closely monitored and logged to maintain accountability and oversight.
• Access Reviews. Access reviews are regularly conducted according to an established process to ensure permissions remain appropriate.
• Subscriber Authentication Options. MTech offers flexible authentication options for subscribers, including integrations with identity providers such as Okta, Google, CyberArk, and Entra ID.

Secure Development Practices

Security is embedded throughout the software development lifecycle.

• Code Deployment. All changes to the code base are peer-reviewed and validated before being deployed to the production environment.
• Automated Monitoring. Automated tools continuously scan for potential vulnerabilities, ensuring that issues are identified and remediated promptly to maintain the security and integrity of our platform and services.

Penetration Testing

MTech engages independent third parties to conduct regular penetration testing of our platform and services.

Incident Management

MTech maintains a structured incident management framework that clearly defines roles, responsibilities, communication protocols, and procedures for the detection, escalation, and resolution of service and security incidents.

Disaster Recovery and Business Continuity

Subscribers have the option to deploy services redundantly across multiple Azure Availability Zones, ensuring resilience against environmental risks.

The services leverage geographically distributed data centers and cloud infrastructure for high availability, operational continuity, and disaster recovery, depending on the subscriber’s selected service level.

Subscriber data is backed up using geo-redundant storage in an alternate region. In the event of a primary region outage, data can be restored, and the environment reprovisioned in accordance with our disaster recovery procedures.

Support and engineering teams are distributed across regions for rapid response.

Business continuity, incident response, and disaster recovery plans are regularly tested and updated.

Risk Management

Risk management is a central activity at MTech and is fundamental to our long-term stability and operational resilience. We foster a strong risk-aware culture and maintain effective processes to identify, assess, manage, and report risks across our organization.

MTech continuously monitors and evaluates risks using a structured model that considers both probability and impact. Risks are identified, assessed, and prioritized, with mitigation strategies developed and tracked to closure. Regular reporting ensures that risk owners and leadership remain informed and engaged in proactive risk management.

People Security

MTech applies comprehensive personnel security controls to ensure employees, contractors, and consultants understand their responsibilities, are suitable for their roles, and are continuously trained.

• Background Checks. Pre-employment screening is conducted for all new hires and contractors. External service providers are used to perform these checks securely where permitted by applicable laws.
• Onboarding. All personnel follow a structured onboarding process that includes participating in security awareness and role-specific training, as well as assignment of access credentials.
• Offboarding. Offboarding is governed by a formal checklist-driven process which includes immediate revocation of system and physical access, return or destruction of company materials and information, and reminders of ongoing obligations under NDAs and employment agreements.
• Security Awareness and Training. MTech runs a continuous security awareness program that includes general security training for all staff, targeted modules addressing current threat vectors (e.g., phishing, social engineering), and phishing simulations and follow-up training for identified gaps.
• Disciplinary Process. MTech maintains a disciplinary process for handling security breaches. The process ensures fair and consistent treatment of incidents, with escalation protocols and corrective actions depending on severity and intent.

Physical Security

MTech partners with Microsoft Azure to host our platform and services. Microsoft Azure maintains industry-standard security certifications, including ISO 27001, ISO 27017, ISO 27018, SOC 1, SOC 2, SOC 3, and PCI DSS Level 1. More info about the security of Microsoft Azure’s data centers can be found at https://learn.microsoft.com/en-us/azure/security/.

MTech has implemented measures to ensure that only authorized people can access our physical office locations. This includes comprehensive access controls such as employing badge readers, camera surveillance, and time-specific access restrictions.

Vendor Management and Sub-processors

MTech relies on a series of supporting services from third-party vendors to operate efficiently and effectively. Where these vendors are integrated with MTech’s services or may impact our security and risk tolerance, we conduct thorough risk assessments prior to onboarding any new vendor (including trial periods) and as needed for existing vendors. Such risk assessments include vetting for compliance with SOC 2 and ISO 27001 standards.

All sub-processors (vendors that process personal data) are subject to written agreements requiring them to meet MTech’s security, privacy, and compliance standards. We maintain a public list of current sub-processors and provide notice of any changes.

Our sub-processor list is available at https://mtechsystems.io/legal/sub-processor-list/.

Contact Us

If you have questions regarding our information security or data privacy practices, you can contact us using the details below.

Email: support@mtech-systems.com

Mail: 115 Perimeter Center Place NE, Suite 845, Atlanta, GA 30346, USA