Read the statement from Midaxo's CEO and VP of Technology about the SolarWinds breach.
As M&A professionals, we understand the importance of data security and maintaining the confidentiality of information in an M&A context. This key factor is incorporated into the way we have designed and built our entire platform.
Midaxo is committed to maintaining a high level of information security, and its key priority is always protecting customers’ information and carefully maintaining the information security of Midaxo Platform. Our Security Whitepaper gives an overview of the Midaxo Platform security features.
The Midaxo information security management system (Midaxo ISMS) meets the international ISO/IEC 27001:2013 standard. Midaxo has held ISO/IEC 27001 certification since April 2016, when an accredited certification body completed a formal compliance audit of the ISMS (ISO and IEC publish the standard; certificates are issued by independent certification bodies, not by ISO or IEC themselves). ISO 27001 is an internationally recognized security management standard that specifies security management best practices and a comprehensive set of security controls.
Midaxo was most recently audited by KPMG IT Certification Ltd and passed the recertification audit on April 6, 2019.
The Midaxo Platform service has an Information Security attestation issued by Nixu Ltd., the largest independent information security expert services company in the Nordics. The attestation process verifies that the Midaxo Platform architecture and software are designed, implemented, and maintained securely. Nixu Ltd. performs an annual security audit to maintain the Nixu Information Security attestation. Besides Nixu Ltd., other independent third-party auditors regularly audit Midaxo Platform’s security.
In addition, customers have audited the Midaxo Platform themselves. Midaxo offers customers the opportunity to perform their own security audits and penetration tests against a dedicated test instance that has the same architecture as the production Midaxo Platform.
Midaxo is a McAfee Enterprise-Ready™ cloud platform. Midaxo has been granted this attestation for fully satisfying the most stringent requirements for data protection, identity verification, service security, business practices, and legal protection.
We participate in the CSA STAR security assurance program at the Self-Assessment level (STAR Level 1). CSA STAR provides a meta-matrix of cloud-specific security controls (the Cloud Controls Matrix) that is mapped to several standards, best practices and regulations. By making this information about our security practices public, we provide ready answers to the questions you would likely ask us anyway, and we promote industry transparency in general. If we have not stated our compliance with your preferred standard or practice, there is a good chance that our completed Consensus Assessments Initiative Questionnaire (CAIQ) already contains answers to your key concerns about our security practices.
The EU-U.S. and Swiss-U.S. Privacy Shield Frameworks were designed by the U.S. Department of Commerce together with the European Commission and the Swiss Administration, respectively, to give companies on both sides of the Atlantic a mechanism for complying with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce. Note that the Court of Justice of the EU invalidated the EU-U.S. Privacy Shield as a transfer mechanism in July 2020 (the Schrems II judgment), so a Privacy Shield certification on its own no longer provides a legal basis for EU-to-U.S. transfers; other mechanisms, such as Standard Contractual Clauses, are required.
What is GDPR?
On May 25, 2018, the EU General Data Protection Regulation (GDPR) replaced the Data Protection Directive 95/46/EC. The regulation harmonizes data privacy law across Europe and protects the personal data of individuals in the EU (data subjects), regardless of citizenship. It reshapes the way organizations inside the EU, and organizations outside the EU that process EU residents' data, approach data privacy, and its purpose is to protect data subjects from privacy violations and data breaches. More information about the regulation is available from the EU.
GDPR and Midaxo
At Midaxo, customer data protection is our top priority. The technical implementation of the Midaxo platform is designed to meet strict data security regulations. Midaxo customers act as data controllers and retain full ownership of their data; Midaxo acts as data processor on their behalf. The Midaxo platform supports data controllers by enabling customer users to keep personal data secure and up to date and to honor data subjects' rights over their own personal data. The platform architecture is based on the fundamental principles of 'Privacy by Design' and 'Privacy by Default'. In short, the Midaxo platform is designed and operated to comply with the GDPR.
As an organization, Midaxo has evaluated the restrictions that the GDPR imposes together with subject matter experts in Europe. We have identified the affected areas within the company and have taken the necessary steps to ensure compliance with the law. The Midaxo Data Processing Agreement (DPA) is available upon request. If you have any questions, please feel free to contact us.
For more information, read our article - GDPR Compliance: New Rules for M&A.
The Health Insurance Portability and Accountability Act (HIPAA) is a United States federal law that sets requirements for the use, disclosure, and safeguarding of individually identifiable health information. It applies to covered entities (health plans, healthcare clearinghouses, and healthcare providers such as hospitals) that handle patients' protected health information (PHI), and it also applies to their business associates, the service providers that create, receive, maintain, or transmit PHI on their behalf.
The scope of HIPAA was extended by the Health Information Technology for Economic and Clinical Health (HITECH) Act. The relevant HITECH requirements were incorporated into the 2013 HIPAA Omnibus Final Rule, which among other things makes business associates directly liable for compliance with the Security Rule.
HIPAA requires covered entities and their business associates to sign Business Associate Agreements (BAAs). Once a BAA has been signed between Midaxo, as business associate, and a customer that is a HIPAA covered entity, the customer may store and process PHI in the Midaxo applications and services that the BAA covers.
There is no official certification for HIPAA compliance. However, the Midaxo services covered under the BAA have been audited and are included in the scope of Midaxo's ISO/IEC 27001 certification.
Midaxo fulfills the HIPAA and HITECH compliance requirements for business associates. In particular, Midaxo fulfills the general, administrative, physical, technical, and organizational requirements of the HIPAA Security Rule and maintains the policies, procedures, and documentation required of business associates under the Omnibus Rule, as set out in 45 CFR §§164.306 - 164.318.
It should be noted that, while Midaxo ensures the confidentiality, integrity, and availability of all customer data within our service, we also give the administrative users of our customers broad usage rights over their own data.
Even though Midaxo takes every precaution to protect the data appropriately, it is possible for customers to manage the data within their own Midaxo account in a way that would jeopardize their own compliance with HIPAA (for example, by granting users more access than their role requires). To help our customers maintain their HIPAA compliance while using Midaxo, the following platform capabilities and safeguards should be reviewed and configured:
Two-Factor Authentication
Single Sign-on
Role-based Privileges
Audit Logs
Secure Browser Connections
Customer Data Security (in transit & at rest)
AWS Hosting
Penetration Testing
24x7 Monitoring
Back-ups & Redundancy
Dynamic Application Security Testing
Cloud Hosting
3-Tier Architecture
Distinct Production Servers
Midaxo ISMS Processes
The Midaxo information security management system (Midaxo ISMS) is based on the international ISO 27001 standard. The design of security controls is based on risk analysis, and risk management is performed periodically throughout the organization so that emerging security risks are identified and mitigated. Midaxo ISMS defines the security processes, roles, and responsibilities for implementing information security management as an integral part of Midaxo's business and operations. Midaxo ISMS and Midaxo's information security policy are reviewed periodically to ensure they remain up to date.
Patch and Vulnerability Management
Midaxo's security team closely monitors security updates, alerts, and advisories from the applicable system and software vendors as well as from security organizations and authorities. Based on risk analysis, the security team deploys the applicable patches, mitigations, and security controls. Operation and maintenance of the Platform follow documented processes and plans. Continuous monitoring of information security and system performance ensures that deviations and incidents are responded to in a timely manner by trained and competent personnel, in accordance with the incident response process.
Training and Awareness
All Midaxo employees undergo security training on a regular basis. The Midaxo Platform is developed, operated, and maintained by motivated, competent personnel who are committed to maintaining a high level of information security, and continuous security education and training help them maintain security awareness across the organization. The technical implementation of the Midaxo Platform has been designed to meet customers' strict security requirements and industry best practices.
Information Collected Using Cookies and How It's Used
You are free to explore our website without providing any information about yourself. When you register for our services or submit a form on our website, we request that you provide Personal Information about yourself; when you visit our website, we collect Navigational Information.
Personal Information refers to any information that you voluntarily submit to us and that identifies you personally, including contact information, such as your name, e-mail address, company name, address, phone number, and other information about yourself or your business. Personal Information can also include information about you that is available on the internet, such as from Facebook, LinkedIn, Twitter and Google, or publicly available information that we acquire from service providers.
Navigational Information refers to information about your computer and your visits to this website such as your IP address, geographical location, browser type, referral source, length of visit and pages viewed. We use this information to operate and improve our website. We may also use Navigational Information alone or in combination with Personal Information to provide you with personalized information about Midaxo.
In addition to the uses identified elsewhere in this Privacy Policy, we may use your Personal Information to: (a) send you information that we think may be of interest to you by post, email, or other means, or (b) send you marketing communications related to our business or to the businesses of carefully selected third parties that we think may be of interest to you.
With questions, comments or doubts, please contact security@midaxo.com.