< Back
You are here  >   Legal

The following documents outline our terms of service and the steps that BeMo takes to protect your information.


E-Commerce Solutions
You can be confident in knowing that BeMo Corp is a verified Authorize.Net merchant. Authorize.Net is committed to providing its merchant customers with the highest level of transaction processing security, safeguarding customer information and combating fraud. More merchants trust Authorize.Net than any other payment gateway to process their ecommerce transactions securely. For more information about the benefits of Authorize.Net’s secure transaction processing, please visit the Authorize.Net Web site.

BeMo has recognized the need to offer our hosted services to the US Federal Gov't via a GSA schedule. We have made that a reality through a partnership agreement with one of our consulting partners Digital Concepts Inc. - http://www.dci-america.com/ Digital Concepts (DCI) who has been supporting both commercial clients, Gov't clients, as well as the Air Force for 30 years . BeMo hosted services are now available as offering through DCI's GSA Schedule 70 Contract # GS35F078H.

BeMo is a Microsoft Managed Partner, Microsoft Enterprise Mobility + Security Elite Partner (reserved for Microsoft Top 50 cybersecurity companies around the world) and Gold Partner with Project and Portfolio Management (PPM), Enterprise Mobility Mangement, Cloud Platform, Small and Midmarket Cloud Solutions and Datacenter competencies which demonstrate greater value to our customers by showcasing best-in-class capabilities that have undergone a rigorous and auditable approval process.

Under certificate number 3709-01-07, according to internal processes that meet PCI DSS requirement 11.2 and the PCI DSS ASV Program Guide, McAfee attests that the PCI DSS scan process was followed, including a manual or automated Quality Assurance process with BeMo boarding and scoping practices, review of results for anomalies, and review and correction of disputed or incomplete results, false positives, and active scan.

BeMo has adopted a Privacy Shield Policy ("Policy") to establish and maintain an adequate level of Personal Data privacy protection. The Policy applies to the processing of Personal Data that BeMo obtains from Customers located in the European Union and Switzerland. To learn more about this Policy, visit http://www.bemopro.com/PrivacyPolicy.aspx

The SOC 2 (Service Organization Control 2) report is an examination of engagement performed by a service auditor in accordance with the predefined criteria in Trust Services Principles, Criteria and Illustrations, as well as the requirements and guidance in AT Section 101, Attest Engagements, of SSAEs (AICPA, Professional Standards, vol. 1). The intent of a SOC 2 report is to provide an understanding of the details of the processing and controls in-place at a service organization by testing the design of the controls and their operating effectiveness with the goal of instilling confidence and gaining trust in that service organization’s systems.

A core requirement for SOC 2 reporting is developing a description of the service organizations system, that is, a detailed and comprehensive narrative that describes the services provided along with the supporting processes, policies, procedures, personnel and operational activities that constitute the service organization's core activities that are relevant to user entities.

The report proves the design and operating controls for the Security and Availability Trust Service Principles were tested, and found to be suitably designed and operating effectively.

Type II SSAE 16 SOC 1 (formerly known as SAS 70 International Type II) is issued by the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA) to organizations that typically provide services to other organizations that involve transaction processing and the securing of data used to perform these services. An auditor's report details the ability for a service provider's ability to offer adequate controls and safeguards when they host or process data belonging to their customers.

CSAE 3416 Type 2 (formerly known as CICA 5970) is a Canadian standard administered by the Canadian Institute of Chartered Accountants. Designation under this program encompasses specific requirements for service providers managing customer data and focuses heavily in the areas of compliance, security and access. In addition, this certification addresses the topics of backup and recovery, computer operations and facility infrastructure.

The ISAE 3402 report is issued under International Standards for Assurance Engagements (ISAE) 3402. An auditor's report provides assurance that the service business is maintaining effective and efficient internal controls related to financial, information and security reporting. This examination and report is similar to and issued in conjunction with an SSAE 16 SOC 1 report.