MICC | Mortgage Industry Cybersecurity Certification

MICC Security statement

The MICC is a public statement and endorsement of your company's cybersecurity program. By placing this emblem on your website, you are signifying your company's commitment to the highest standards and best cybersecurity practices for your industry. MICC has been architected, built and is operated by CyberCecurity, LLC, a full-service cybersecurity company headquarted in Denver, Colorado. CyberCecurity's cybersecurity practices and the MICC program are aligned with the ISO 27001-2013 standard and the NY DFS 23NYCRR500 regulation. The NY DFS 23NYCRR500 regulation is considered cybersecurity "best practices" for the financial services industry.

As part of the MICC certification program, you will provide us with various information related to your cybersecurity program such as a cybersecurity risk assessment and other documents. It is our duty to protect that information.

Here is what we have done to protect your information:

All information sent by you to us and all sensitive communications between us will be encrypted.
Once we receive any sensitive informatin, it is saved on an encrpted, external hard-drive. The significance of this kind of external hard-drive is that it can only be accessed via human interaction with a key pad built into the face of the hard-drive. This is more secure than a software interface which can be hacked.
We make only certain parts of your information viewable by the general public. Here is a link to a demo page that shows you what a public viewer can see about your information. NOTE that the public can only see the fact that you had a risk assessment performed and that we have seen it and verified its existence. The public cannot see any of the assessment details. We keep those on the encrypted Apricorn hard-drive.
We keep all sensitive information about your company out of our MICC.us website database. That way, even if the encrpted database is breached, there is nothing there that is sensitive.
We use PayPal for credit card transactions and therefore do not have any interaction with your information. However, each year we still complete the PCI-DSS SAQ-A security assessment to ensure that we are doing everything recommended by the credit card industry to keep your credit card information secure.