Security Statement
MP Technology maintains administrative, technical, and operational safeguards to protect company systems and customer information handled through service delivery.
Structured controls for responsible technology service delivery.
Security is built into how MP Technology administers systems, handles client information, manages access, and delivers support. Our practices are designed to reduce operational risk while supporting reliable, accountable service.
Layered safeguards for internal systems, administrative devices, and service platforms.
Access controls based on authorization, role, business need, and least privilege.
Documented practices for secure administration, data handling, and incident response.
A practical summary of the safeguards that support how we protect systems, operations, and customer information.
Last Updated: April 23, 2026
This statement describes security measures used within MP Technology's internal environment and service delivery operations. It is provided for general transparency and does not replace customer-specific agreements, service orders, statements of work, or other written terms.
Security practices aligned to disciplined IT operations.
Our security program is guided by practical controls that support risk reduction, administrative accountability, and responsible handling of information across normal business and service delivery activities.
Confidentiality
Information is accessed and handled based on authorization, business need, service context, and applicable confidentiality expectations.
Integrity
Administrative actions, configuration changes, documentation, and support work are performed with attention to accuracy, traceability, and control.
Availability
Internal systems and service platforms are managed with safeguards intended to support continuity, secure access, and reliable service delivery.
Accountability
Access decisions, administrative activity, security expectations, and incident handling are supported by defined practices and documented procedures.
How we protect client information and service delivery operations.
The following areas summarize core safeguards used within MP Technology's business environment and service delivery model. Specific controls may vary based on platform capabilities, engagement scope, customer requirements, and the systems involved.
Identity & Access Controls
Access to business systems, management platforms, and customer environments is limited to authorized users with a defined operational need.
- Least-privilege access practices
- Role-based permissions where practical
- Multifactor authentication for key systems
- Access review and revocation procedures
Endpoint & Device Security
Devices used for internal operations and administrative access are secured through controls appropriate to their role, sensitivity, and platform.
- Managed endpoint or mobile device controls where applicable
- Device encryption and access protection
- Patch and configuration management
- Endpoint protection capabilities where supported
Data Protection
Customer information is handled with care and accessed only as needed to support authorized service activity.
- Controlled storage and sharing practices
- Sensitivity labeling where applicable
- Data loss prevention controls where supported
- Encryption in transit and at rest where practical
Network & Platform Security
Internal systems and service platforms are protected through layered administrative and technical safeguards.
- Secure remote access methods
- Firewall and network protection practices
- Hardened configurations where appropriate
- Segmentation and administrative separation where practical
Monitoring & Logging
Operational visibility supports troubleshooting, security review, administrative accountability, and incident response.
- Logging for relevant business and administrative systems
- Security and operational alert review
- Event investigation and escalation practices
- Recordkeeping appropriate to the service and system involved
Incident Handling
Security and operational events are addressed through procedures that support containment, investigation, communication, and recovery.
- Event triage and containment
- Customer escalation when appropriate
- Remediation tracking
- Post-incident review and control improvement
Security controls embedded in daily service operations.
MP Technology's work often involves administrative access, technical decision-making, and exposure to client operational details. Internal practices are designed to keep that work controlled, documented, and security-conscious.
Administrative discipline
Administrative work is performed with attention to authorization, scope, change impact, and system sensitivity. Service records, documented procedures, and customer-specific context help reduce risk during support and project activity.
Secure remote support
Remote support tools are used for authorized support activity and are governed by applicable service terms, remote support agreements, customer authorization, and operational need.
Vendor and platform selection
Third-party platforms used for service delivery are selected and configured with consideration for security, reliability, administrative control, and operational fit.
Continuous improvement
Security practices are reviewed as business needs, threats, client expectations, and technology platforms evolve. Operational lessons are used to improve controls over time.
1. Security Governance & Risk Management
At MP Technology ("MP Technology," "we," "our," or "us"), security is part of the way we operate internally and deliver services to customers. In the course of service delivery, customers may provide access to business systems, operational information, and technology platforms. Protecting the confidentiality, integrity, and availability of systems and information under our control is a core operating responsibility.
We maintain documented security and operational practices intended to support consistent service delivery, responsible administrative access, and risk reduction. Our approach is informed by recognized industry guidance and best practices, including principles derived from frameworks such as NIST and CIS, and is reviewed as threats, technologies, and business requirements evolve.
Scope note: This statement describes MP Technology's internal security practices and service delivery safeguards. Customer-specific responsibilities, service levels, and security commitments are governed by the applicable written agreement.
2. Access Controls
Access to internal systems, management platforms, and customer environments is restricted to authorized personnel with a legitimate business need. MP Technology applies least-privilege and role-based access principles where practical. Administrative access may be protected through multifactor authentication, strong authentication requirements, account review, and access restriction procedures.
For customer environments, access is governed by the applicable engagement, customer-approved scope, technical platform, and written agreement. Access may be temporary, limited to specific service activity, or persistent where authorized for managed services, monitoring, patching, remote administration, or related operational needs.
3. Device & Endpoint Security
Devices used for internal business operations and administrative access are managed and secured through controls appropriate to their role and platform. These safeguards may include centralized endpoint or mobile device management, encryption, patch enforcement, endpoint protection, configuration standards, access restrictions, and the ability to revoke or limit access when necessary.
Administrative devices are expected to be maintained in a secure state and used in a manner consistent with MP Technology's internal security expectations. These practices reduce the risk of unauthorized access, data exposure, credential compromise, and unmanaged administrative activity.
4. Data Protection & Information Governance
MP Technology uses measures intended to improve data governance and reduce the risk of unauthorized disclosure, alteration, or loss of sensitive information. These measures may include data classification, sensitivity labeling, encryption of data in transit and, where applicable, at rest, controlled access to business systems and data, data loss prevention controls, and external sharing restrictions where supported by the platform.
Customer information is accessed and used only as needed to support authorized service activity, business communications, project work, troubleshooting, documentation, or other legitimate operational purposes. MP Technology does not sell customer information and avoids unnecessary retention where information is not needed for service delivery, legal, accounting, operational, or contractual purposes.
5. Network, Platform & Administrative Security
Internal systems and service platforms are protected through layered safeguards appropriate to the environment. These protections may include firewalls, secure remote access methods, hardened configurations, segmentation, logging, alerting, and other preventative or detective controls.
Remote administrative tools, service platforms, and management systems are used for legitimate business and support purposes. Their use may be governed by service terms, customer authorization, written agreements, internal access practices, platform logging, and other operational controls.
6. Monitoring, Logging & Incident Handling
Monitoring, logging, and operational review practices support visibility into relevant business systems, administrative actions, and service-related activity. MP Technology also maintains incident handling procedures intended to support investigation, containment, escalation, communication, and recovery when security or operational events occur.
When appropriate under the circumstances and applicable agreements, affected customers may be notified of relevant incidents. Notification timing, content, process, and obligations may depend on the nature of the event, the systems involved, applicable law, and the governing customer agreement.
7. Patching, Maintenance & Vulnerability Reduction
MP Technology implements patching, maintenance, and vulnerability-reduction practices for systems and platforms under our management or internal control. This may include routine software updates, security patching, configuration review, and related maintenance activities, subject to platform capabilities, operational requirements, and service scope.
For customer systems, patching and vulnerability remediation depend on the contracted service model, customer approvals, maintenance windows, licensing, technical dependencies, vendor support, and operational risk. MP Technology may provide recommendations, remediation support, or managed execution where those responsibilities are included in the applicable engagement.
8. Personnel Security & Internal Practices
Personnel with access to customer systems or information are expected to operate under confidentiality obligations and internal security expectations. As appropriate to role and engagement, internal practices may include background screening, access authorization processes, security awareness training, and documented procedures for handling administrative access and sensitive information.
Security awareness is an operating expectation. Personnel are expected to recognize phishing, protect credentials, follow approved access methods, avoid unnecessary data exposure, and escalate suspected security issues through appropriate channels.
9. Third-Party Platforms & Service Providers
MP Technology may rely on third-party software, cloud services, and vendor platforms for functions such as remote support, monitoring, management, security, backup, communications, and productivity. We make reasonable efforts to select reputable providers and configure those platforms consistent with our operational and security requirements.
Third-party services remain subject to their own terms, architectures, controls, data handling practices, and availability commitments. MP Technology is not responsible for failures, vulnerabilities, outages, or security incidents caused by third-party providers except to the extent expressly stated in a written agreement.
10. Shared Responsibility
Security depends on clear ownership between MP Technology, customers, users, vendors, and technology providers. MP Technology is responsible for the internal controls and service activities it expressly manages. Customers remain responsible for the security, configuration, lawful use, governance, licensing, business decisions, user behavior, and risk acceptance within their own environments except to the extent MP Technology has specifically assumed defined responsibilities under a separate written agreement.
Customer-side outcomes may depend on factors outside MP Technology's direct control, including customer-approved scope, user activity, budget decisions, system age, vendor limitations, backup strategy, patching constraints, access provided to MP Technology, and whether recommended security improvements are approved and implemented.
11. Scope, Limitations & Contractual Controls
No security program can eliminate all risk, and no system, platform, or service can be guaranteed to be completely secure, uninterrupted, or free from vulnerabilities. This Security Statement is a general overview of MP Technology's internal security practices and is not a warranty, guarantee, or independent certification of security or compliance.
Specific commitments, responsibilities, service levels, notification obligations, and customer-specific security requirements are governed by the applicable agreement, service order, statement of work, business associate agreement where applicable, or other written contract.
12. Security Questions
Customers, prospects, vendors, and authorized reviewers may contact MP Technology regarding security-related questions, vendor review requests, due diligence inquiries, or additional information regarding our security practices.
Need additional security information?
For security questionnaires, vendor review requests, or questions about MP Technology's security practices, contact us with the context of the request.