Technical and organizational measures
List of measures taken by Maxedy to protect validity, integrity, and availability of the data.
Physical access control
Access to the office is protected by a 4 number code combination that’s only known by Maxedy personnel. This code will be changed at regular intervals, or in case of an employee leaving Maxedy.
Data access control
Access to data is restricted and protected in multiple ways to ensure only authorized persons can access and or edit particular data.
- Password policy
- Use of password manager
- Enforce strong passwords for all accounts used by personnel
- Hard Drive encryption
- Data encryption of data in transport
- Separation of responsibilities for user accounts for the systems we work with
- Exit procedure to ensure employees who are leaving no longer have access after they left
- Clear screen/clean desk policy to prevent unauthorized persons to gain access to data
- Working remote policy
- Antivirus software
- Documented access control policy
Availability, integrity, validity controls
- Database backup process
- Automated testing
- Code review
- DTAP street for development process
- Amazon multiregion failover
Recoverability
- Emergency support procedure
- Helpdesk support
- Database backup process
- Data leak reporting procedure
- Incident management procedure
Regular evaluation of data processing
- ISO 27001 certification
- Information Security Management System
Third parties
Maxedy works with a lot of third parties that have some degree of access to the data that’s being processed. These parties are:
- VanMeijel Automatisering
- Amazon AWS
- MongoDB
- Google G Suite
- Microsoft Azure
- UserEcho