by Juha-Pekka Laine
Midaxo has always taken information security seriously, as we understand how crucial it is for our customers to keep their data safe. We have a comprehensive, high-quality information security management system (ISMS) for risk management and mitigation to ensure data confidentiality, integrity, and availability. Audited by KPMG, the Midaxo ISMS meets the international ISO/IEC 27001:2013 standard, and has done so since 2016.
Information security is not a one-time project but a continuous company-wide activity that we approach systematically. This continuous activity is formalized in the ISMS, which is a framework of policies, procedures, and controls. Midaxo’s ISMS is an integrated part of Midaxo’s day-to-day operations and governance, covering Midaxo’s personnel, processes, and systems.
For us, it has been an obvious choice to maintain and execute our ISMS in the Midaxo platform, as it is designed for such a systematic process. Features such as traceability, document management, and task assignments make it a perfect solution to run the process; they also help prove in an audit that the process has, in fact, been executed. In addition, our M&A software platform functions as storage for the final versions of the documents and for knowledge sharing.
The pipeline view shows an overview of current and historical projects. Activities with a high number of tasks can be modeled as separate projects, such as the access rights review in our example.
We utilize Midaxo as a tool to run our ISO 27001-certified ISMS as follows:
- We have the annual ISMS cycle as a project in the Midaxo platform. The project playbook has all planned activities for the year, including detailed actions. Their execution and outcomes are filled in during the year. Required documents for each activity are stored under each task.
- We have “year clocks” for administrative and technical milestones. These include actions such as certificate renewals, asset reviews, and penetration tests. In addition, we have KPIs, improvements for each year, monthly risk management team meetings, as well as findings from various audits as action points.
- We improve the task structure as needed. The task hierarchy allows us to have several levels of detail in each action topic, as is shown in the screenshot below.
There is a trace of everything done in the platform. We can, therefore, easily track and prove that the process is executed as planned.
As Midaxo is a collaboration platform, the people involved in tasks get visibility into the instructions and information they need; they also get notified when their actions are needed. We use the platform to securely share information with parties outside the company as well, e.g., the auditors.
Get your ISMS ready for certification
Improve your ISMS to the level that meets the ISO or other certification standards by using your Midaxo instance for this important use case as well! Our ready-made ISMS playbooks get you started quickly. Don’t hesitate to contact firstname.lastname@example.org for a demo and further discussion.