< Back
You are here  >   Legal

The following documents outline our terms of service and the steps that BeMo takes to protect your information.


E-Commerce Solutions
You can be confident in knowing that BeMo Corp is a verified Authorize.Net merchant. Authorize.Net is committed to providing its merchant customers with the highest level of transaction processing security, safeguarding customer information and combating fraud. More merchants trust Authorize.Net than any other payment gateway to process their ecommerce transactions securely. For more information about the benefits of Authorize.Net’s secure transaction processing, please visit the Authorize.Net Web site.

BeMo has recognized the need to offer our hosted services to the US Federal Gov't via a GSA schedule. We have made that a reality through a partnership agreement with one of our consulting partners Digital Concepts Inc. - http://www.dci-america.com/ Digital Concepts (DCI) who has been supporting both commercial clients, Gov't clients, as well as the Air Force for 30 years . BeMo hosted services are now available as offering through DCI's GSA Schedule 70 Contract # GS35F078H.

BeMo has achieved the Microsoft Gold Project and Portfolio Management (PPM) as well as the Small and Midmarket Cloud Solutions, Silver Collaboration and Content, Datacenter and Hosting competencies which demonstrate greater value to our customers by showcasing best-in-class capabilities that have undergone a rigorous and auditable approval process.

Under certificate number 3709-01-07, according to internal processes that meet PCI DSS requirement 11.2 and the PCI DSS ASV Program Guide, McAfee attests that the PCI DSS scan process was followed, including a manual or automated Quality Assurance process with BeMo boarding and scoping practices, review of results for anomalies, and review and correction of disputed or incomplete results, false positives, and active scan.

BeMo is a member of the U.S., EU, EFTA and Switzerland's Safe Harbor program for Privacy. The United States (U.S.) Department of Commerce has developed separate, but similar, "Safe Harbor" Frameworks, which include data protection principles, with the European Commission (EU), the European Free Trade Association (EFTA) and the Swiss Federal Data Protection and Information Commissioner of Switzerland. These Safe Harbor Frameworks are designed to provide U.S. organizations with a means to satisfy the EU, the EFTA and Switzerland's legal requirement that adequate data protections be afforded to personally identifiable information transferred from the EU, EFTA or Switzerland to the United States. Learn more...

The SOC 2 (Service Organization Control 2) report is an examination of engagement performed by a service auditor in accordance with the predefined criteria in Trust Services Principles, Criteria and Illustrations, as well as the requirements and guidance in AT Section 101, Attest Engagements, of SSAEs (AICPA, Professional Standards, vol. 1). The intent of a SOC 2 report is to provide an understanding of the details of the processing and controls in-place at a service organization by testing the design of the controls and their operating effectiveness with the goal of instilling confidence and gaining trust in that service organization’s systems.

A core requirement for SOC 2 reporting is developing a description of the service organizations system, that is, a detailed and comprehensive narrative that describes the services provided along with the supporting processes, policies, procedures, personnel and operational activities that constitute the service organization's core activities that are relevant to user entities.

The report proves the design and operating controls for the Security and Availability Trust Service Principles were tested, and found to be suitably designed and operating effectively.

Type II SSAE 16 SOC 1 (formerly known as SAS 70 International Type II) is issued by the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA) to organizations that typically provide services to other organizations that involve transaction processing and the securing of data used to perform these services. An auditor's report details the ability for a service provider's ability to offer adequate controls and safeguards when they host or process data belonging to their customers.

CSAE 3416 Type 2 (formerly known as CICA 5970) is a Canadian standard administered by the Canadian Institute of Chartered Accountants. Designation under this program encompasses specific requirements for service providers managing customer data and focuses heavily in the areas of compliance, security and access. In addition, this certification addresses the topics of backup and recovery, computer operations and facility infrastructure.

The ISAE 3402 report is issued under International Standards for Assurance Engagements (ISAE) 3402. An auditor's report provides assurance that the service business is maintaining effective and efficient internal controls related to financial, information and security reporting. This examination and report is similar to and issued in conjunction with an SSAE 16 SOC 1 report.