Compliance

MyQ X's comprehensive compliance framework demonstrates its commitment to meeting the highest international security standards and regulatory requirements. This multi-layered approach ensures organizations can confidently deploy MyQ X while satisfying diverse compliance mandates across industries and jurisdictions.

ISO 27001:2022 Certification and Implementation

MyQ has achieved ISO/IEC 27001:2022 certification, establishing a systematic approach to information security management that meets international best practices. The implementation encompasses:

Risk Management Framework: Comprehensive risk assessment processes that identify, evaluate, and mitigate information security risks across all business operations and customer deployments.

Security Controls Implementation: Structured deployment of technical, administrative, and physical security controls that protect information assets throughout their lifecycle.

Continuous Improvement Process: Regular reviews and updates of security policies, procedures, and controls to address evolving threats and maintain certification compliance.

Management Commitment: Executive-level oversight ensuring security remains integrated into business strategy and operational decision-making processes.

The certification validates MyQ's systematic approach to protecting customer data and maintaining the confidentiality, integrity, and availability of information systems.

GDPR Compliance Framework and Data Protection Measures

MyQ X implements comprehensive GDPR compliance through privacy-by-design principles embedded throughout the system architecture:

Data Minimization: The system collects only essential metadata required for operational functionality, avoiding unnecessary personal data processing that could increase compliance risks.

User Rights Management: Complete implementation of GDPR user rights including:

  • Right of access to personal data

  • Right to rectification of inaccurate information

  • Right to erasure ("right to be forgotten")

  • Right to data portability

  • Right to restrict processing

Data Protection Impact Assessments: Systematic evaluation of privacy risks for new features and deployments, ensuring GDPR compliance is maintained throughout system evolution.

Regional Compliance Requirements (HIPAA, SOX)

MyQ X supports critical industry-specific compliance frameworks through robust data protection and audit capabilities:

HIPAA Compliance for Healthcare:

  • Encryption of Protected Health Information (PHI) at rest and in transit.

  • Comprehensive audit logging of all access to sensitive health data.

  • Role-based access controls restricting PHI access to authorized personnel only.

  • Secure backup and recovery procedures for healthcare data retention requirements.

SOX Compliance for Financial Services:

  • Detailed audit trails for financial document processing and printing.

  • Access controls preventing unauthorized modification of financial records.

  • Secure archival capabilities supporting regulatory retention requirements.

  • Segregation of duties through role-based permissions and approval workflows.

Additional Security Controls:

  • Database encryption using industry-standard algorithms.

  • Secure communication protocols for all data transmission.

  • Automated backup procedures with encryption and integrity verification.

  • Access logging and monitoring for compliance reporting.

Secure Software Development Lifecycle (SSDLC) Practices

MyQ implements a Secure Software Development Life Cycle aligned with industry standards and SLSA supply-chain requirements, ensuring that security practices are embedded across all phases of the software lifecycle.

Analysis

MyQ performs rigorous Threat Modeling and defines clear Security Requirements during the initial analysis phase, enabling early risk identification and establishing a strong security baseline before design begins.

Design

All architectural proposals undergo formal Security Architecture Reviews to validate adherence to principles like Least Privilege, Zero Trust, and Defense in Depth, ensuring that security is systematically embedded into system design.

Development

Developers follow Secure Coding Practices and peer-review processes while all builds run on dedicated, isolated SLSA-compliant Build Servers, ensuring protection of source integrity and build artifacts.

Testing

Security testing includes automated SAST and Dependency Scanning integrated into CI pipelines, enabling early detection of vulnerabilities in both custom code and third-party components.

Deployment

All release artifacts are protected through Code Signing and verified during deployment, ensuring Integrity, Authenticity, and controlled delivery into production environments.

Maintenance

Post-deployment, systems undergo continuous Monitoring and structured Patch Management, ensuring ongoing alignment with evolving threats and Security Best Practices.

Regular Security Audits and Penetration Testing

MyQ maintains robust security validation through systematic testing and assessment programs:

Automated Penetration Testing: Integration with the Qualys security platform provides continuous vulnerability assessment and penetration testing for all software releases.

Third-Party Security Assessments: Independent security audits conducted by qualified external organizations to validate security controls and identify potential improvements.

Internal Security Reviews: Regular internal assessments of security policies, procedures, and technical controls to ensure continued effectiveness and compliance.

Vulnerability Response Process: Structured procedures for addressing identified security issues, including timeline requirements for patch development and deployment.

Software Bill of Materials and Vulnerability Management

MyQ implements comprehensive supply chain security through detailed component tracking and vulnerability management:

SBOM Publication: Complete Software Bill of Materials documentation identifying all third-party components, libraries, and dependencies used in MyQ X systems.

Automated Vulnerability Scanning: Continuous monitoring of component databases for newly identified vulnerabilities affecting MyQ X dependencies.

Rapid Patch Management: Systematic process for evaluating, testing, and deploying security updates for third-party components, with prioritization based on risk assessment.

Component Version Control: Detailed tracking of all software components including version numbers, security patch levels, and update schedules as documented in release notes.

Supplier Security Assessment: Evaluation of third-party software suppliers to ensure they maintain appropriate security standards and vulnerability disclosure processes.

This comprehensive compliance framework ensures MyQ X meets diverse regulatory requirements while maintaining the highest standards of information security and data protection across all operational environments.
