Documented security
and compliance

ISAE 3402 Type 2

MyDesk is subject to an ISAE 3402 Type 2 audit conducted annually by an independent auditor. The statement covers our control environment and security processes and is available to customers under NDA.

ISAE 3402 Type 2 is an internationally recognized standard for service organizations' internal controls. The Type 2 statement not only confirms that the controls are designed correctly (Type 1), but also that they have operated effectively over a period of time.

GDPR and data processing agreement

MyDesk enters into a Data Processing Agreement (DPA) with all customers as standard. The agreement is designed in accordance with GDPR Article 28 and contains all legally required elements, including:

• Purpose and scope of the processing
• Instruction authority and limitations
• Safety measures and technical requirements
• Sub-processors and disclosure
• Assistance with data subject rights
• Deleting and returning data
• Audit and documentation

NIS2 statement

MyDesk has prepared a NIS2 statement documenting our approach to cyber security in accordance with the requirements of the NIS2 directive. The statement is available upon request and covers risk assessment, incident management, supply chain security and technical security measures.

Access to documentation

Customers and potential customers can request access to our compliance documentation via our Security Team. Documentation is typically provided under NDA and includes ISAE 3402 statement, DPA and NIS2 statement.