Secure application and
integration

Secure software development

MyDesk follows a structured SDLC (Software Development Life Cycle) with security integrated in all phases. Code changes go through peer review, automated security scans and testing before deployment to production.

Change Management

All changes to the production environment follow a formal change management process that includes:

• Documented change request with risk assessment
• Approval from relevant stakeholders
• Test in a staging environment before production
• Rollback plan in case of failure
• Post-deployment verification
• Audit log of all changes

Microsoft Graph and API security

MyDesk integrates with Microsoft 365 via the Microsoft Graph API with the least privilege principle. We only request the specific Graph rights needed to deliver the service. All API calls are logged and monitored.

Logical isolation between customers

In MyDesk's multi-tenant architecture, all customers are logically isolated. Customer data is segregated at the database level with row-level security, and application logic ensures that one customer's data is never accessible to another.

Vulnerability management

MyDesk performs regular vulnerability scans of the application and infrastructure. Identified vulnerabilities are prioritized and handled in accordance with our patch management procedure.