MDavis Inc


M. Davis Information Systems Security Mission

M. Davis & Sons utilizes and maintains a robust, private information technology infrastructure that helps us succeed as an industry leader and carry out our core competencies. Our information systems security is founded upon four core pillars:

  • Integrity
  • Governance and policy
  • Scalable security architecture and solutions
  • Expansive and continuous security awareness and response programs

Our cybersecurity’s comprehensive posture increases security and reduces risk while securely enabling access to information for those who need it.

Our strong data security posture and assessments address such fundamental practices as: 

  • Accounts provisioning
  • Accounts administration
  • Access control
  • Identity management
  • Security governance
  • Standards and authoring
  • Security architecture
  • Department security
  • IT security management
  • Standards compliance
  • Threat and vulnerability analysis
  • Security events monitoring
  • Cybersecurity incident response

To ensure compliance with all relevant laws and regulations, the validation of all security functions is integrated into company procedures and is periodically evaluated by the Department of Information Technology, General Counsel, Risk Management, and the company’s external certified cyber security auditors.

M. Davis utilizes modern technology solutions to meet these information security goals. Some examples of technologies in use include next-gen anti-virus management software, host intrusion detection, network intrusion detection, firewalls, vulnerability scanning tools, electronic perimeter access, camera surveillance, and biometrics. AI is also incorporated into network behavior analysis tools. In addition, the integrity of all such programs is reviewed for their ability to be integrated into company procedures and are routinely evaluated and adjusted as needed.


  • Adopted the FTC Red Flags Rule
  • Pursuing NIST 800-171 / Achieved Level 1 CMMC
  • Next-gen IT data security hardware and software in use
  • AI-based sensor monitoring and alerts
  • Routine industry certified third-party security assessments and validation audits
  • Private data center protected by surveillance, electronic access control, UPS 
  • Multi-factor authentication 
  • Robust continual cyber security employee training with unannounced targeted testing 
  • Segmented internal networks and limited data access based on least privilege access control lists
  • Cyber security insured 
  • Security logs stored and maintained off-site
  • Certified secure disposal and destruction of retired data storage devices
  • Central storage full and at-rest data encryption 
  • PHI data leak prevention tools
  • On-site 150 Kva. electrical utility backup generator 
  • Certified off-site secure document shredding
  • Vault storage of confidential documents and data
  • Highly secure Wi-Fi with individual disposable time-limited private keys