Our cybersecurity program is structured around the best practices, processes, and procedures laid out by Service Organization Control 2 (SOC 2), National Institute of Standards & Technology (NIST), Center for Internet Security (CIS), and International Standards Organization (ISO).
Madison Logic has integrated privacy-compliant principles into our B2B digital advertising and content syndication workflows and has implemented the appropriate controls to meet global legislation requirements.
The confidentiality of our clients’ data is paramount at Madison Logic. Our industry-standard controls are employed to ensure that all confidential data remains secure and is never shared with third parties without client consent.
Every Madison Logic lead goes through a data-driven, multi-touch validation process to ensure that ABM campaigns are processed with the highest degree of integrity, leading our clients to increased deal velocity and accelerated growth.
SOC 2 Certification
Madison Logic annually executes and completes a SOC 2 Type 2 for Service Organizations. The independent CPA firm A-Lign has issued the SOC 2 Report and included a clean opinion on the design of Madison Logic’s controls relative to the Security, Privacy, Confidentiality, Processing Integrity, and Availability Trust Service Principles and Criteria.
Madison Logic provides a variety of services oriented for digital marketers:
- Content Syndication: This product takes research, such as white papers and case studies, and distributes it across a network of business-to-business (‘B2B’) media partners to connect with a qualified audience. When end users wish to download and consume this information, they provide their business card data in exchange. This business card information is then validated and transferred to the company that authored the content.
- Display Advertising: This product shows advertisements across the web, including video, mobile, native, and desktop advertising. Madison Logic’s clients provide their brand messaging and ads, and Madison Logic finds the right individuals across the web to serve the ads to.
- Madison Logic Platform: This analytics dashboard provides its clients with insights into how their marketing campaigns are yielding results. Integrations with CRM and Marketing Automation Platforms enable increased conversions through personalized messaging across all stages of the buyer’s journey, while giving sales real-time insight into the content their accounts are engaging with. Madison Logic enables its clients to better understand the research habits and content consumption behaviors of their target audiences
- Lead data, when uploaded to Madison Logic Customer, contains business card information (first/last name; job title; email; phone number; company name; region (country/state)). Internally, this data is stored for a period of 1 year before it is deleted from within Madison Logic. This data, devoid of business card information, is aggregated, anonymized, and generalized to determine campaign effectiveness and characteristics. Client details and lead or contact details are completely stripped away from such aggregation.
- Account data: your Platform account data and other electronic identification data such as IP address, and the data you add to your account such as your password, date of birth, gender and other information you share with us. We also monitor online and mobile behavioral data collected through cookie tracking technologies.
- Amazon Web Services, Inc. – AWS Cloud Computing Services
- Domo, Inc – Domo Platform
- Okta, Inc. – Okta Platform Services
- Snowflake Inc. – Cloud Data Platform
- Atlassian – Bitbucket Cloud
- Citrix Systems, Inc. – ShareFile
- Towerdata – Email Validation
- Madison Logic stores your CRM data in the United States, in the state of Virginia, within the Amazon Web Services region us-east-1.
- Madison Logic employs TLS protocols with up to 256-bit encryption to protect client authentication, authorization and file transfers (data in transit).
- Your data is secured at rest by encrypting it using AWS Key Management Service APIs. AWS KMS uses the Advanced Encryption Standard (AES) algorithm in Galois/Counter Mode (GCM), known as AES-GCM. AWS KMS uses this algorithm with 256-bit secret keys.
- Data that contains personal information is reviewed and purged according to a pre-defined schedule based on the expiration of any legitimate business use of the data, or other legal requirements to retain the data for compliance reasons.
- Data for Content Syndication is maintained for 12 months, and 90 days for Display Advertising.
Access to your data is programmatically restricted by customer via a third-party authentication & entitlements service (Okta).
Yes. We can ensure that your content is securely removed from Madison Logic systems. Contact us for more information.
- Madison Logic maintains Business Continuity and Disaster Recovery plans which are regularly tested and reviewed for readiness.
- All scoped data are hosted and managed through various cloud providers which each have their own business continuity plans.
- Madison Logic has appropriate resources and dedicated staff to ensure that security is a top concern, and we have put the appropriate processes and measures in place to that end. The Technical Operations team, including the Director, CTO, Security and DevOps Engineers, and our IT staff, are all involved in aspects of our physical and virtual security.
- Madison Logic has a dedicated Security Operations team who monitor and respond to security and data privacy incidents.
Madison Logic continuously educates its employees about the risks of security and privacy breaches and encourages a shared responsibility across the organization. We work with a Security Training partner to provide yearly trainings around security and privacy awareness, such as GDPR, CCPA, Phishing, and Secure Coding best practices. We also perform monthly phishing simulations to maintain awareness within the organization.
- Madison Logic’s physical infrastructure is hosted and managed within Amazon’s secure data centers and utilizes Amazon Web Services (AWS) technology. Amazon’s data center operations have been accredited under: ISO 27001, SOC 1 and SOC 2, PCI Level 1, FISMA Moderate, Sarbanes-Oxley (SOX).
- Madison Logic holds a SOC 2 Type 2 certification performed under AT-C 105 and AT-C 205 by an independent auditor as of September 12th, 2022. A copy of the Madison Logic SOC 2 report can be made available to our clients (under NDA).
- Madison Logic utilizes SAML SSO for authentication with the Madison Logic Platform.
- Federation with client SAML Identity Providers is available as of October 2022
Yes: SSN Trace & Associated Counties; Miscellaneous Court Records; Domestic Watch List Search; 7-Year County Criminal Court Search; National Criminal Databases Search; Employer Verification
Yes. All new hires sign a Confidentiality Agreement as part of their onboarding process before starting with ML.
Yes. The Madison Logic Code of Conduct Policy, Acceptable Use Policy, Confidentiality Policy, and Data Protection Policies are included in the Employee Handbook and are also presented to all contractors, who are bound to follow the policies as written.
Madison Logic continually vets all vendors and third-party suppliers through our vendor risk management program.
- Madison Logic performs regular patch management and remediation of vulnerabilities on the Madison Logic Platform.
- Madison Logic works internally and with third parties to run penetration tests on the Madison Logic Platform and its source code to search for and remediate vulnerabilities.
We have a documented Incident Response Plan which is updated and tested regularly so that we can methodically respond to and manage potential security incidents.
General Data Protection Regulation (GDPR)
EU data transfers and Schrems II
On July 16th, 2020, in what is known as the Schrems II decision, the CJEU determined that the Privacy Shield did not afford EU individuals protections equivalent to those afforded by EU law, including the General Data Protection Regulation. The CJEU said companies can use standard contractual clauses (SCCs) as a primary means of safeguarding data transfer, but only if data controllers can ensure appropriate measures are in place to protect EU data from U.S. government surveillance.
Madison Logic takes commercially reasonable and appropriate technical, organizational, and contractual supplemental measures (Standard Contractual Clauses) to ensure data is afforded an essentially equivalent level of protection as provided under the GDPR.
Contractually, Madison Logic ensures that it meets the data protection obligations under GDPR for data transfers to the United States. Role-based access controls are employed such that segregation of duties, two-factor authentication, and end-to-end audit trails exist. Customer data is segregated for access by tenant (customer) and key Madison Logic personnel via SAML SSO that employs a strong password policy. AES 256-bit encryption protects data at rest, while TLS 1.2 encryption protects data in transit.
All data is stored in the United States at data centers that are accredited under ISO 27001, SOC 1 and SOC 2/SSAE 16/ISAE 3402, PCI Level 1, FISMA Moderate, and Sarbanes-Oxley (SOX). Strict breach protection policies, processes, and systems safeguard data from corruption, compromise, or loss.
California Consumer Privacy Act (CCPA)
The California Consumer Privacy Act (CCPA) went into effect on January 1, 2020. This piece of legislation aims to protect the personal data of Californians. More importantly, it seeks to give Californians more control over that data. In some ways, it’s the American version of Europe’s General Data Protection Regulation (GDPR). Madison Logic maintains the necessary controls to comply with CCPA and is registered with the California Data Broker Registry.
Canada's Anti-Spam Law (CASL)
CASL is Canada’s Anti-Spam Legislation, which took effect July 1, 2014. The legislation includes an opt-in model with limited exceptions that applies to B2B email messaging, meaning generally that recipients must proactively agree to receive email from businesses, commonly known as an ‘express consent’ model.
As a result, Madison Logic no longer sends emails to Canada on its owned and operated sites. We require our platform and off-platform partners to be anti-spam compliant, and we take steps to ensure that they make the proper adjustments prior to program commencement. We are an ad serving and form serving technology, and we do not email clients from the platform or off-platform partners (3rd parties).
Need to file a complaint?
Madison Logic provides a third-party Confidential & Anonymous Reporting System for employees, clients, and other third parties to anonymously report any of the following incidents:
Fraud reports are related to embezzlement, fraudulent reporting or accounting issues, auditing violations, internal control matters and any securities violations.
Compliance & Ethics
Compliance and Ethics reports are related to compliance and regulation violations, code of ethics violations, conflicts of interest, and waste and abuse of company equipment and resources.
Human Resources reports are related to employee relations, abuse of benefits, discrimination, harassment and work environment.
Confidential & Anonymous Reporting System
Go to: https://app.integritycounts.ca/org/madisonlogic