Data Security


Read the statement from Midaxo's CEO and VP of Technology about the SolarWinds breach here:

Read Here

As M&A professionals, we understand the importance of data security and maintaining the confidentiality of information in an M&A context. This key factor is incorporated into the way we have designed and built our entire platform.

Midaxo is committed to maintaining a high level of information security, and its key priority is always protecting customers’ information and carefully maintaining the information security of the Midaxo Platform. Our Security Whitepaper gives an overview of the Midaxo Platform security features.

Compliance and Certifications


ISO 27001 Certified

The Midaxo information security management system (Midaxo ISMS) meets the international ISO/IEC 27001:2013 standard. As of April 2016, Midaxo was certified compliant by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) after successful completion of a formal compliance audit. ISO 27001 is an internationally recognized security management standard that specifies security management best practices and comprehensive security controls.

Midaxo was recently audited by KPMG IT Certification Ltd. The latest annual audit was passed on March 12, 2021 and the latest full recertification audit on April 6, 2019. 

 Download Certificate


NIXU Certified

The Midaxo Platform service has an Information Security attestation issued by Nixu Ltd., the largest independent information security expert services company in the Nordics. The attestation process verifies that the Midaxo Platform architecture and software are designed, implemented, and maintained securely. Nixu Ltd. performs an annual security audit to maintain the Nixu Information Security attestation. Besides Nixu Ltd., other independent third-party auditors regularly audit Midaxo Platform’s security.

In addition, customers have audited Midaxo Platform. Midaxo offers customers the opportunity to perform their own security audits and penetration testing using a test instance that has the same architecture as Midaxo Platform.

Download Attestation


McAfee Enterprise-Ready

Midaxo is a McAfee Enterprise-Ready™ cloud platform. Midaxo has been granted the attestation for fully satisfying the most stringent requirements for data protection, identity verification, service security, business practices, and legal protection.


Cloud Security Alliance (CSA) STAR

We are participating in CSA STAR's security assurance program at the Self-Assessment level. CSA STAR provides a meta-matrix of cloud-specific security controls that are mapped to several standards, best practices and regulations. We feel that by making this information about our security practices public, we’re readily providing answers to the questions that you would likely ask us anyway, and we’re also promoting industry transparency in general. If we haven’t stated our compliance with your preferred standard or practice, there is a good chance that our completed Consensus Assessments Initiative Questionnaire (CAIQ) will contain answers to your key concerns about our security practices.

Download Filled CAIQ

EU-U.S. Privacy Shield Framework

The EU-U.S. and Swiss-U.S. Privacy Shield Frameworks were designed by the U.S. Department of Commerce, and the European Commission and Swiss Administration, respectively, to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce.

See Certificate


What is GDPR?

As of May 25, 2018, the EU General Data Protection Regulation (GDPR) replaced the Data Protection Directive 95/46/EC. The new law is expected to harmonize data privacy laws across Europe to protect the personal data of all EU citizens. It aims to reshape the way organizations within the EU region – and outside – approach data privacy. The purpose of the GDPR is to protect all EU citizens from privacy and data breaches. More information about the new regulation can be found here.

GDPR and Midaxo

At Midaxo, customer data protection is our top priority. The technical implementation of the Midaxo platform is designed to meet strict data security regulations. As data controllers, Midaxo customers have complete ownership of the data. The Midaxo platform supports data controllers by empowering customer users to keep personal data secure and up to date and to provide rights to their own personal data. The Midaxo platform architecture is based on the fundamental principles of ‘Privacy by Design’ and ‘Privacy by Default.’ In a nutshell – be at ease, the Midaxo platform is fully compliant with GDPR.

As an organization, Midaxo, along with subject matter experts in Europe, has evaluated the new restrictions which the GDPR will impose. We have identified the relevant areas within the company and have taken the necessary steps to ensure compliance with the law. The Midaxo Data Processing Agreement (DPA) is available upon request. If you have any questions, please feel free to contact us.

For more information, read our article - GDPR Compliance: New Rules for M&A.


HIPAA Statement

The Health Insurance Portability and Accountability Act (HIPAA) of United States law mandates requirements for the use, disclosure, and safeguarding of individually identifiable health information. It applies to hospitals and other healthcare companies that have access to patients’ protected health information (PHI), and it also applies to their business associates that can access PHI.

The scope of HIPAA was extended by HITECH, the Health Information Technology for Economic and Clinical Health Act in the United States. The relevant HITECH requirements are included in the HIPAA Omnibus rule.

HIPAA requires that the covered entities and their business associates sign Business Associate Agreements (BAA). Once the BAA is signed between Midaxo as a business associate and a customer covered by HIPAA, the customer can store and process PHI in Midaxo applications and services that are covered by the BAA.

There is no official certification for Omnibus HIPAA compliance. However, the Midaxo services covered under the BAA have been audited and are included in Midaxo's ISO/IEC 27001 certification.

Midaxo fulfills the HIPAA and HITECH compliance requirements for business associates. In particular, Midaxo fulfills the general, administrative, physical, technical, and organizational requirements and has appropriate policies and procedures for business associates in compliance with Omnibus HIPAA, as stated in HIPAA §164.306 - §164.318.

It should be noted that, while Midaxo ensures the confidentiality, integrity, and availability of all customer data within our service, we also give broad usage rights for the administrative users of our customers for their own data.

Even though Midaxo takes every precaution to appropriately protect the data, it is possible for our customers to manage the data within their own account in Midaxo in such a way that would jeopardize their compliance with HIPAA. To help our customers maintain their HIPAA compliance while using Midaxo, here are some procedures and precautions that should be considered:

  • Permanent deletions. Midaxo gives customer administrators the choice to either archive or permanently delete data. We recommend that our HIPAA-covered customers not use the permanent delete option.
  • Sharing data. Midaxo offers strong access controls and permission management. To maintain HIPAA compliance, the customer administrators should only share data as appropriate, according to HIPAA requirements.
  • Saving PHI data. Even though we are Omnibus HIPAA-compliant, we recommend considering whether there really is a need to store PHI data in Midaxo.
  • Audit log. We provide customer-specific audit logs for customer administrators, should you need to present system activity data while you are being audited.

Midaxo Platform Security Features

  • Two-Factor Authentication
  • Single Sign-on
  • Role-based Privileges
  • Audit Logs
  • Secure Browser Connections
  • Customer Data Security (in transit & at rest)
  • AWS Hosting
  • Penetration Testing
  • 24x7 Monitoring
  • Back-ups & Redundancy
  • Dynamic Application Security Testing


Cloud Hosting

  • Midaxo Platform runs on Amazon’s leading cloud platform, the Amazon Elastic Compute Cloud (AWS EC2) Web service.

3-Tier Architecture

  • Midaxo Platform is logically based on a three-tier client-server architecture, in which the user interface (presentation tier), application processing (logic tier), and data storage (data tier) functions are separated.

Distinct Production Servers

  • Midaxo Platform production environment contains three distinct servers.
    • M&A application server: Provides the user interface and processes the M&A software
    • M&A database server: Provides M&A data storage, separated from the application
    • Log collection server: Collects log data from both aforementioned servers; the server automatically sends alerts regarding any detected violations.

Corporate – People, Policies, and Processes

Midaxo ISMS Processes

The Midaxo information security management system (Midaxo ISMS) is based on the international ISO 27001 standard. The design of security controls is based on risk analysis. Risk management is periodically performed throughout the organization to ensure the mitigation of any emerging security risks. Midaxo ISMS defines the security processes, roles, and responsibilities for implementing information security management as an integral part of Midaxo’s business and operations. Midaxo ISMS and Midaxo’s information security policy are periodically reviewed to ensure they are up to date.

Patch and Vulnerability Management

Midaxo’s security team closely monitors security updates, alerts, and advisories from applicable system and software vendors as well as various security organizations and authorities. Based on risk analysis, the security team deploys applicable mitigation methods and security controls. Operation and maintenance of the Platform follow documented processes and plans. Continuous monitoring of information security and system performance ensures that all deviations and incidents can be responded to in a timely manner by trained and competent personnel in accordance with the incident response process.

Training and Awareness

All Midaxo employees undergo security training on a regular basis. Midaxo Platform is developed, operated, and maintained by motivated, competent personnel who are committed to maintaining a high level of information security. Continuous security education and training help them maintain security awareness in the organization. The technical implementation of Midaxo Platform has been designed to meet customers’ strict security requirements and industry best practices.
