Security
Protecting the confidentiality, integrity, and availability of your information is one of our highest priorities.
Our Commitment to Security
We are committed to implementing reasonable administrative, technical, and organizational measures designed to:
- Protect customer information from unauthorized access.
- Maintain the integrity of business data.
- Safeguard confidential procurement information.
- Support the availability and reliability of our services.
- Continuously improve our security posture through monitoring and ongoing enhancements.
Secure Authentication
Access to the Metro InHouse Vendor Portal requires user authentication.
Security measures include:
- Secure user login
- Encrypted password storage
- Account access controls
- Session management
- Automatic session expiration after periods of inactivity
- Protection against unauthorized login attempts
Users are responsible for maintaining the confidentiality of their login credentials.
Password Security
To help protect user accounts, we recommend:
- Creating strong, unique passwords
- Avoiding password reuse across multiple websites
- Keeping passwords confidential
- Updating passwords periodically
- Reporting suspected credential compromise immediately
Metro InHouse employees will never ask you to disclose your password.
Data Encryption
Sensitive information is protected using industry-standard encryption technologies. This includes:
- Encryption of data transmitted between your browser and our platform using HTTPS/TLS.
- Encryption of sensitive information where appropriate while stored within our systems.
- Secure password hashing practices to protect user credentials.
Access Controls
Access to customer information is restricted based on business need.
Security controls include:
- Role-based access permissions
- Principle of least privilege
- Administrative approval for elevated access
- Authentication requirements for internal users
- Access logging and monitoring
Only authorized personnel are permitted to access systems necessary to perform their responsibilities.
Infrastructure Security
Our platform is hosted using secure cloud infrastructure designed to support reliability, scalability, and security.
Infrastructure protections may include:
- Network firewalls
- Security monitoring
- Intrusion detection and prevention measures
- Redundant systems
- Availability monitoring
- Regular software updates
- Security patch management
Monitoring and Threat Detection
We continuously monitor our environment to help identify potential security risks.
Monitoring activities may include:
- Login activity
- Failed authentication attempts
- Suspicious account behavior
- System performance
- Infrastructure health
- Security event logging
When appropriate, security alerts are investigated by authorized personnel.
Data Backup and Recovery
To support business continuity, we maintain backup and recovery procedures designed to reduce the risk of data loss.
These procedures may include:
- Regular backups
- Secure storage of backup data
- Disaster recovery planning
- Business continuity planning
- Recovery testing where appropriate
Vendor Responsibilities
Security is a shared responsibility. As a vendor, you should:
- Protect your account credentials.
- Use secure devices.
- Keep your operating system updated.
- Install current antivirus software.
- Avoid logging in from unsecured public computers.
- Log out after completing your session.
- Report suspicious activity immediately.
Failure to protect your account may increase the risk of unauthorized access.
Fraud Prevention
Metro InHouse takes reasonable measures to detect and prevent fraudulent activity. Examples include:
- Monitoring unusual login activity
- Reviewing suspicious account behavior
- Detecting duplicate or fraudulent registrations
- Monitoring abnormal bidding activity
- Investigating reports of misuse
Accounts suspected of fraudulent activity may be temporarily suspended while an investigation is conducted.
Secure Development Practices
Security is considered throughout our software development lifecycle. Our development practices may include:
- Secure coding standards
- Code reviews
- Security testing
- Bug fixes
- Vulnerability remediation
- Controlled software releases
We continually evaluate opportunities to improve the security of our platform.
Incident Response
If a security incident is identified, Metro InHouse follows an incident response process designed to:
- Contain the incident
- Assess potential impact
- Investigate root causes
- Restore affected services
- Notify affected parties when required by applicable law
- Implement corrective measures to reduce future risk
Third-Party Services
Metro InHouse may rely on trusted third-party service providers to support platform operations, including cloud hosting, email delivery, analytics, authentication, and infrastructure services.
We carefully evaluate service providers and require them to maintain appropriate security standards for the services they perform on our behalf.
Privacy Protection
Security and privacy work together.
Information collected through the Vendor Portal is handled in accordance with our Privacy Policy. We do not sell personal information and only use or disclose information as described in our Privacy Policy or as required by applicable law.
Reporting Security Concerns
If you believe you have discovered a security vulnerability or suspect unauthorized activity involving the Metro InHouse Vendor Portal, please notify us immediately.
When reporting a security concern, please include:
- A description of the issue
- Date and time observed
- Steps to reproduce (if applicable)
- Screenshots or supporting information (if available)
- Your contact information
We appreciate responsible disclosure and will investigate all credible security reports promptly.
Security Best Practices for Vendors
To help keep your account secure, we recommend that you:
- Use a unique password for your Metro InHouse account.
- Enable Multi-Factor Authentication (MFA) if available.
- Regularly review your account activity.
- Keep your browser and operating system updated.
- Avoid sharing account credentials.
- Verify email requests before providing information.
- Be cautious of phishing attempts.
- Notify Metro InHouse immediately if you suspect unauthorized access.
Service Availability
While we strive to provide continuous access to the Vendor Portal, temporary interruptions may occur due to:
- Scheduled maintenance
- Security updates
- Infrastructure upgrades
- Internet service disruptions
- Third-party service interruptions
- Events beyond our reasonable control
Whenever practical, scheduled maintenance will be communicated in advance.
Continuous Improvement
Cybersecurity is an evolving discipline. Metro InHouse regularly reviews and enhances its security practices to address emerging threats, improve operational resilience, and align with recognized industry standards.
As our platform grows, we will continue to invest in technologies, processes, and training that strengthen the protection of our users and their data.
Responsible Disclosure
We encourage responsible disclosure of potential security vulnerabilities. Please provide us with a reasonable opportunity to investigate and remediate reported issues before publicly disclosing them.
We ask that security researchers act in good faith, avoid disrupting our services, refrain from accessing or modifying data without authorization, and comply with all applicable laws during testing.
Found a security concern?
We take responsible disclosure seriously and investigate every credible report promptly.