MyDesk has again this year had its ISAE 3402 Type 2 audit statement renewed – without any remarks. The independent audit, conducted by PwC, covers the period August 1, 2024 to July 31, 2025 and documents that our control environment, processes and security measures work as described and expected.

Strong focus on safety and reliability

Security is a key element in the operation of the MyDesk platform. PwC’s assurance confirms that our controls are properly designed and have operated effectively throughout the period. This includes, among other things:

• An established and updated information security policy

• Clear procedures for collaborating with external suppliers

• Continuous logging, monitoring and assessment of system events

• Structured access management and regular reviews of user rights

• Documented backup process in Microsoft Azure

• Well-defined routines for change management and testing

• An updated contingency plan to ensure continued operations during emergencies

PwC concludes that the controls are fairly described, appropriately designed and have operated effectively throughout the year.

Controls across the organization

The report shows that MyDesk works systematically with security and governance across the entire organization. Among the controls that PwC verifies are:

• Organization of information security – responsibilities, internal guidelines and requirements for external partners

• Operational controls – log analysis, capacity monitoring, antivirus protection and daily backups

• Access controls – creating, modifying and shutting down users and using multi-factor logins

• Development and maintenance – separate environments for development, test and production and documented procedures for implementing changes

• Emergency preparedness and continuity – an annually revised disaster plan outlining roles, contact routes and procedures for unforeseen incidents

These controls have all been tested by PwC, which has not identified any deviations.

Security as an integral part of our platform

MyDesk operates exclusively in Microsoft Azure, with both operations and data located in European data centers with failover structure between Ireland and the Netherlands. Systems can only be accessed via multi-factor login, and both employees and external parties are subject to clear requirements for security procedures.

The report confirms that MyDesk has maintained a stable control environment throughout the year, supported by, among other things:

• Regular reviews of rights in AD

• Documented and consistent processes for support, deployment and version management

• Regular updates to security policies and procedures

• Close collaboration with external security partners on best practices

Continued work on security and transparency

The renewal of the ISAE 3402 declaration confirms that MyDesk provides a platform with a high level of security, documentation and reliability. The audit also shows that our security work is embedded throughout the organization – from management to development, operations and customer support.

We continuously work to strengthen our security level and ensure that MyDesk continues to meet modern standards and our customers’ expectations.

The full statement of assurance can be read here.