ISO 27001 Certified and HIPAA Compliant

Microdium is ISO 27001 certified which is an internationally recognized accreditation for information security management. We are also HIPAA certified and can provide a BAA Agreement on request.

Cloud Security Alliance (CSA)

Microdium participates in the Cloud Security Alliance STAR (Security, Trust and Assurance Registry) program using CSA’s Cloud Controls Matrix (CCM). CCM is a framework of cloud-specific security controls ensuring that participating organisation adhere to leading industry standards, best practices and regulations.

Data Security and Encryption

All data is stored in Amazon S3 storage and encrypted using advanced AES-256 bit encryption algorithms. Transmitted data is encrypted and secured using SSL (HTTPS) enabled servers.

Microdium uses a unique encryption key for each customer, and the keys are securely stored. Use of a unique S3 folder for each customer ensures data isolation.

Additionally, every backup task has its own initial vector, which is stored securely and separately from the user key. This technique helps Microdium to encapsulate the users’ data.

Our servers are strongly secured, hardened and include the latest security patches. Only a very limited number of Microdium’s core team members have access to production keys.

User Credentials

Microdium uses industry standard OAuth for permission based access when possible, eliminating the need to enter or store user credentials on the Microdium system.

The OAuth “token” limits access to exactly what Microdium needs to do and doesn’t provide general access to your account. You can revoke authorization at any time.  If OAuth is not available for a specific service then credentials are stored using advanced AES-256 bit encryption algorithms.

Two-Factor Authentication

Payment processing, including credit card information, is hosted by our payment processor which is fully PCI compliant. No payment information is handled or stored on the Microdium system.

Payment Processing

You can add Two-Factor authentication to your Microdium account for additional security from the Account Settings page using any industry standard authentication app.

Microdium Website & Application

Our website has a Secure Security Authorization Certificate issued by GoDaddy, and our application was reviewed and verified secure by Microsoft,, Google and Amazon Web Services, and our application was reviewed and verified secure by Microsoft,, Google and Amazon Web Services.

Data Access

Customer backup data is not accessible directly, it can only be accessed using the Microdium platform. Microdium backups can only be activated, deactivated or restored by the customer’s Data Administrator.

Internal Microdium staff do not have access to customer data, and only a limited number of core team members have access to production keys based on a “need to know” policy for problem resolution.

Data Retention

All backup data is retained as long as you maintain your Microdium subscription. If you choose to cancel your subscription, your data will be deleted from the Microdium archives within 2-weeks.

If you deactivate an individual user backup or database table/domain, that data will be deleted within 24 hours so we recommend downloading the data prior to de-activation if you want to retain the backed up data for local archiving.

Data Privacy

Microdium archives can optionally be stored in Amazon U.S., European or Australian data centers as need for compliance with data privacy directives.

Partner Certification

Microdium is certified Microsoft Platform Ready and has been tested and verified secure by Amazon Web Services,, and Google Apps.

Get Started Today

Sign up for a 15 days free trial (no credit card required)


  • ISO 27001 and HIPAA Certified
  • Advanced AES-256 bit encryption
  • SSL (HTTPS) enabled servers
  • OAuth permission based access
  • PCI compliant payment processor
  • Certified by Microsoft,, Google and AWS

“A 2013 report from The Aberdeen Group found that 32% of companies surveyed lost critical cloud data, and of these, 64% were due to users deleting or overwriting the data. Lack of adequate backup for is a massive exposure for SMBs and Enterprises.”

“Once the set up was done, which was painless it just runs and we forget about it. Response to any queries are quickly dealt with which is a breath of fresh air in today’s crowded work schedules.”