Security
you can
trust.
MyDesk is built with security and data protection at its core. Here you'll find documentation, policies and contact details for our security team.
ISAE 3402 Type 2
Annual audit of our control environment and security processes
Microsoft Azure - EU/EEA
All data is processed and stored within the EU/EEA
GDPR & NIS2
Data Processing Agreement according to GDPR art. 28 and NIS2 Compliant
SSO & MFA via Entra ID
Microsoft Entra ID as central identity and access management
All about security and compliance
Our Security Center gives customers, IT departments and procurement teams a comprehensive overview of how MyDesk works with information security, data processing and documentation.
Compliance & Assurance
ISAE 3402 Type 2, GDPR data processing agreement and NIS2 statement. Documented control environment for security reviews and procurement processes.
Read moreIdentity & Access Management
SSO via Microsoft Entra ID, MFA, passwordless, role-based access and least privilege. No shared accounts.
Read moreData Protection & Privacy
Data processing agreement as standard. Encryption in transit and at rest. Controlled deletion and assistance with data subject rights.
Read moreInfrastructure & Hosting
100% cloud-based SaaS in Microsoft Azure. EU/EEA based data processing. Separation between test and production.
Read moreBackup & Disaster Recovery
Daily backup with minimum 30-day retention. Point-in-time restore via Azure. Documented break-glass procedure.
Read moreLogging & Monitoring
Azure-based monitoring, audit logs on administrative changes and minimum 30-day log retention. SIEM integration possible.
Read moreApplication & Integration Security
Formal change management, Microsoft Graph with least privilege, documented APIs and logical isolation between customers.
Read moreIncident Management
Documented incident response process. Early warning within 24 hours, status update within 48 hours and final report.
Read moreSub-processors
Transparent overview of approved sub-processors. Microsoft Ireland Operations as central hosting partner.
Read moreCustomer responsibility
Security is a shared responsibility. This describes the customer's own responsibility for user management, identity policies and configuration.
Read moreOnboarding & Enterprise Setup
Enterprise Application in Microsoft Entra ID, app registration, certificate-based integration and Graph rights.
Read moreDocumentation Center
Unified document library with DPA, NIS2 statement, ISAE 3402, SLA and security whitepapers. Open and gated material.
Read moreSecurity in every layer
From infrastructure to application, security is an integral part of how MyDesk is designed, operated and audited.
Security by Design
Security is anchored in management and built in from the start - not added afterwards.
Privacy by Design
Data protection and GDPR compliance is part of the architecture, not an afterthought.
Documented compliance
ISAE 3402 Type 2, NIS2 statement and data processing agreement are available upon request.
Continuous improvement
Risk assessment, auditing and follow-up ensure continuous improvement of the safety level.
Contact our
Security Team
Do you have questions about information security, data processing, compliance or documentation? Contact us directly - we respond quickly and accurately.
