iso-certificate-midaxo.png

Data Security

As M&A professionals, we understand the importance of data security and maintaining the confidentiality of information in an M&A context. This key factor is incorporated into the way we have designed and built our entire platform.

Midaxo is committed to maintaining a high level of information security, and its key priority is always protecting customers’ information and carefully maintaining the information security of Midaxo Platform. Our Security White Paper gives an overview of the Midaxo Platform security features.

OVERVIEW

The Midaxo information security management system (Midaxo ISMS) is based on the international ISO 27001 standard. The design of security controls is based on risk analysis. Risk management is periodically performed throughout the organization to ensure the mitigation of any emerging security risks. Midaxo ISMS defines the security processes, roles, and responsibilities for implementing information security management as an integral part of Midaxo’s business and operations. Midaxo ISMS, together with Midaxo’s information security policy, are periodically reviewed to ensure they are up to date.

Midaxo Platform is developed, operated, and maintained by motivated, competent personnel that are committed to maintaining a high level of information security. Continuous security education and training supports them to maintain security awareness in the organization. The technical implementation of Midaxo Platform has been designed to meet customers’ strict security requirements and industry best practices.

Technical security starts with comprehensive security architecture that defines a solid and secure foundation for Midaxo Platform. The architecture is based on well-proven and widely used secure products, methods, and protocols, and it has been defined to protect data both in transit and at rest and to ensure its confidentiality, integrity, and availability. Strict access control allows only authorized users to access the data.

Operation and maintenance of the Platform follows documented processes and plans. Continuous monitoring of information security and system performance ensures that all deviations and incidents can be responded to in a timely manner by trained and competent personnel in accordance with the incident response process.

Because of today’s ever-changing risks and security threats, Midaxo’s security team closely monitors security updates, alerts, and advisories from applicable system and software vendors as well as various security organizations and authorities. Based on risk analysis, the security team deploys applicable mitigation methods and security controls. Periodic security audits and technical tests performed by independent third-party information security companies ensure that information security fulfills all requirements and meets the highest standards.

MIDAXO PLATFORM ARCHITECTURE

Midaxo Platform runs on Amazon’s leading cloud platform, the Amazon Elastic Compute Cloud (AWS EC2) Web service.

Midaxo Platform is logically based on a three-tier client server architecture, in which the user interface (presentation tier), application processing (logic tier), and data storage (data tier) functions are separated.

The Midaxo Platform production environment contains three distinct servers:

  • M&A application server: Provides the user interface and processes the M&A software
  • M&A database server: Provides M&A data storage, separated from the application
  • Log collection server: Collects log data from both aforementioned servers; the server automatically sends alerts regarding any detected violations.

CUSTOMER DATA SECURITY

Customer data stored in Midaxo Platform are physically located in the Amazon EC2 Ireland datacenter. All data stored in Midaxo Platform are considered confidential. Customers have ownership of their data. Midaxo policy restricts Midaxo admin’s access to customer data to support purposes only when requested by the customer.

ISO 27001 CERTIFIED

ISO27001_logo.png

The Midaxo information security management system (Midaxo ISMS) meets the international ISO/IEC 27001:2013 standard. As of April 2016, Midaxo was certified compliant by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) after successful completion of a formal compliance audit. ISO 27001 is an internationally recognized security management standard that specifies security management best practices and comprehensive security controls.

Midaxo's ISO 27001 Information Security Management certificate 

 

SECURITY CERTIFIED SERVICE

Security Certificate

The Midaxo Platform service has an Information Security Certificate issued by Nixu Ltd., the largest independent information security expert services company in the Nordics. The Information Security Certificate verifies that the Midaxo Platform architecture and software are designed, implemented, and maintained securely. Nixu Ltd. performs an annual security audit to maintain the Nixu Information Security Certificate. Besides Nixu Ltd., other independent third-party auditors regularly audit Midaxo Platform’s security.

In addition, customers have audited Midaxo Platform. Midaxo offers customers the opportunity to perform security audits and penetration testing of their own with a test instance with the same architecture as in Midaxo Platform.

BACKUPS AND REDUNDANCY

Midaxo Platform servers and all customer data are automatically backed up on a daily basis. Backups are stored at a separate off-site location in Frankfurt, Germany. All off-site files are encrypted with AES-256. The backup cycle is one year.

All customer data can be fully recovered in case of hardware failure or an outage of the Amazon service.

MORE INFORMATION

Request our Security White Paper.

With questions, comments or doubts, please contact security@midaxo.com.

Read our blog post: Merger and Acquisition Software Security Should Be a Top Concern

Information we Collect using Cookies and How it’s Used

You are free to explore our website without providing any information about yourself. When you visit our website or register for our services, we request that you provide Personal Information about yourself, and we collect Navigational Information.

Personal Information refers to any information that you voluntarily submit to us and that identifies you personally, including contact information, such as your name, e-mail address, company name, address, phone number, and other information about yourself or your business. Personal Information can also include information about you that is available on the internet, such as from Facebook, LinkedIn, Twitter and Google, or publicly available information that we acquire from service providers.

Navigational Information refers to information about your computer and your visits to this website such as your IP address, geographical location, browser type, referral source, length of visit and pages viewed. We use this information to operate and improve our website. We may also use Navigational Information alone or in combination with Personal Information to provide you with personalized information about Midaxo.

In addition to the uses identified elsewhere in this Privacy Policy, we may use your Personal Information to: (a) send information to you which we think may be of interest to you by post, email, or other means, or (b) send you marketing communications related to our business or the businesses of carefully-selected third parties which we think may be of interest to you.