Midaxo Cloud Cybersecurity

High-level data security to protect your privacy and dealmaking.

As corporate development professionals, we understand the importance of data security and maintaining the confidentiality of information in a transaction context. This consideration is incorporated into the way we designed and built our entire platform.

Midaxo is committed to maintaining a high level of information security, and its key priority is always protecting customers’ information and carefully maintaining the information security of Midaxo Cloud. We are the industry leader in security, with certifications including ISO 27001 and McAfee Enterprise-Ready. Our Security Datasheet provides a brief overview of the security features in the Midaxo platform.

Our Security Whitepaper gives an in-depth review of Midaxo Cloud security features.

What to look for when evaluating a corporate dealmaking software platform vendor

Do you know security is important to your practice but are not sure exactly what to look for? Download this checklist for evaluating M&A platform security to get started.

Compliance and Certifications


ISO 27001 Certified

The Midaxo information security management system (Midaxo ISMS) meets the international ISO/IEC 27001:2013 standard. As of April 2016, Midaxo was certified compliant by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) after successful completion of a formal compliance audit. ISO 27001 is an internationally recognized security management standard that specifies security management best practices and comprehensive security controls.

Midaxo is audited by KPMG IT Certification Ltd. The latest annual audit was passed on April 6, 2022.


Cloud Security Alliance (CSA) STAR

We are participating in CSA STAR’s security assurance program at the self-assessment level. CSA STAR provides a meta-matrix of cloud-specific security controls that are mapped to several standards, best practices, and regulations. By making this information about our security practices public, we’re providing answers to questions you would likely ask us anyway and we’re promoting industry transparency in general. If we have not stated our compliance with your preferred standard or practice, there is a good chance our completed Consensus Assessments Initiative Questionnaire (CAIQ) will contain answers to your key questions about our security practices.


McAfee Enterprise-Ready

Midaxo is a McAfee Enterprise-Ready cloud platform. Midaxo has been granted the attestation for fully satisfying the most stringent requirements for data protection, identity verification, service security, business practices, and legal protection.


GDPR

What is GDPR?

Starting May 25, 2018, the EU General Data Protection Regulation (GDPR) replaced the Data Protection Directive 95/46/EC. The new law harmonizes data privacy laws across Europe to protect the personal data of all EU citizens. It reshapes the way organizations within the EU region – and outside – approach data privacy. The purpose of the GDPR is to protect all EU citizens from privacy and data breaches.

GDPR and Midaxo

At Midaxo, customer data protection is our top priority. The technical implementation of the Midaxo platform meets strict data security regulations. As data controllers, Midaxo customers have complete ownership of their data. The Midaxo platform supports data controllers by enabling customer users to keep personal data secure and up to date and to exercise rights over their own personal data. The Midaxo platform architecture is based on the fundamental principles of ‘Privacy by Design’ and ‘Privacy by Default.’ The platform is fully GDPR compliant.

As an organization, Midaxo has evaluated the new restrictions which the GDPR imposes together with subject matter experts in Europe. We have taken the necessary steps to ensure compliance with the law. The Midaxo Data Processing Agreement (DPA) is available upon request. If you have any questions, please contact us.

For more information, read our article – GDPR Compliance: New Rules for M&A.


HIPAA Statement

The Health Insurance Portability and Accountability Act (HIPAA) of the United States mandates requirements for the use, disclosure, and safeguarding of individually identifiable health information. It applies to hospitals and other healthcare companies that have access to patients’ protected health information (PHI) and also applies to their business associates that can access PHI.

The scope of HIPAA was extended by HITECH, the Health Information Technology for Economic and Clinical Health Act, in the United States. The relevant HITECH requirements are included in the HIPAA Omnibus rule.

HIPAA requires that the covered entities and their business associates sign Business Associate Agreements (BAA). Once the BAA is signed between Midaxo as a business associate and a customer covered by HIPAA, the customer can store and process PHI in Midaxo applications and services that are covered in the BAA.

There is no official certification for Omnibus HIPAA compliance. However, the Midaxo services covered under the BAA have been audited and are included in the Midaxo ISO/IEC 27001 certification.

Midaxo fulfills the HIPAA and HITECH compliance requirements for business associates. In particular, Midaxo fulfills the general, administrative, physical, technical, and organizational requirements and has appropriate policies and procedures for business associates in compliance with Omnibus HIPAA, as stated in HIPAA §164.306 – §164.318.

It should be noted that, while Midaxo ensures the confidentiality, integrity, and availability of all customer data within our service, we also give our customers’ administrative users broad usage rights over their own data.

Even though Midaxo takes every precaution to appropriately protect the data, it is possible for our customers to manage the data within their own Midaxo account in a way that would jeopardize their compliance with HIPAA. To help our customers maintain their HIPAA compliance while using Midaxo, here are some procedures and precautions that should be considered:

  • Permanent deletions. Midaxo gives customer administrators the choice to either archive or permanently delete data. We recommend that our HIPAA-covered customers not use the permanent delete option.
  • Sharing data. Midaxo offers strong access controls and permission management. To maintain HIPAA compliance, customer administrators should only share data as appropriate, according to HIPAA requirements.
  • Saving PHI data. Even though we are Omnibus HIPAA-compliant, we recommend considering whether there really is a need to store PHI in Midaxo.
  • Audit log. We provide customer-specific audit logs for customer administrators, should you need to present system activity data while you are being audited.

Midaxo Platform Security Features

  • Two-Factor Authentication
  • Customer Data Security (in transit & at rest)
  • Single Sign-on
  • AWS Hosting
  • Role-based Privileges
  • Penetration Testing
  • Audit Logs
  • 24×7 Monitoring
  • Secure Browser Connections
  • Back-ups & Redundancy
  • Dynamic Application Security Testing

Architecture

Cloud Hosting

  • The Midaxo Platform runs on Amazon’s leading cloud platform, the Amazon Elastic Compute Cloud (AWS EC2) web service.

3-Tier Architecture

  • The Midaxo Platform is logically based on a three-tier, client-server architecture in which the user interface (presentation tier), application processing (logic tier), and data storage (data tier) functions are separated.

Distinct Production Servers

  • The Midaxo Platform production environment contains three distinct servers:
    • M&A application server: Provides the user interface and runs the M&A application
    • M&A database server: Provides M&A data storage, separated from the application
    • Log collection server: Collects log data from both of the aforementioned servers and automatically sends alerts for any detected violations

Corporate – People, Policies, and Processes

Midaxo ISMS Processes

The Midaxo information security management system (Midaxo ISMS) is based on the international ISO 27001 standard. The design of security controls is based on risk analysis. Risk management is performed periodically throughout the organization to ensure the mitigation of any emerging security risks. The Midaxo ISMS defines the security processes, roles, and responsibilities for implementing information security management as an integral part of Midaxo’s business and operations. The Midaxo ISMS, together with Midaxo’s information security policy, is periodically reviewed to ensure it is up to date.

Patch and Vulnerability Management

Midaxo’s security team closely monitors security updates, alerts, and advisories from applicable system and software vendors as well as various security organizations and authorities. Based on risk analysis, the security team deploys applicable mitigation methods and security controls. Operation and maintenance of the Platform follow documented processes and plans. Continuous monitoring of information security and system performance ensures that all deviations and incidents can be responded to in a timely manner by trained and competent personnel in accordance with the incident response process.

Training and Awareness

All Midaxo employees undergo security training on a regular basis. The Midaxo Platform is developed, operated, and maintained by motivated, competent personnel who are committed to maintaining a high level of information security. Continuous security education and training help them maintain security awareness in the organization. The technical implementation of the Midaxo Platform has been designed to meet customers’ strict security requirements and industry best practices.

Information Collected Using Cookies and How It’s Used

You are free to explore our website without providing any information about yourself. When you visit our website or register for our services, we request that you provide Personal Information about yourself, and we collect Navigational Information.

Personal Information refers to any information that you voluntarily submit to us and that identifies you personally, including contact information, such as your name, e-mail address, company name, address, phone number, and other information about yourself or your business. Personal Information can also include information about you that is available on the internet, such as from Facebook, LinkedIn, Twitter and Google, or publicly available information that we acquire from service providers.

Navigational Information refers to information about your computer and your visits to this website such as your IP address, geographical location, browser type, referral source, length of visit and pages viewed. We use this information to operate and improve our website. We may also use Navigational Information alone or in combination with Personal Information to provide you with personalized information about Midaxo.

In addition to the uses identified elsewhere in this Privacy Policy, we may use your Personal Information to: (a) send information to you which we think may be of interest to you by post, email, or other means, or (b) send you marketing communications related to our business or the businesses of carefully-selected third parties which we think may be of interest to you.

Resources

Midaxo Security Whitepaper

Frequently Asked Questions

With questions, comments or doubts, please contact security@midaxo.com.