
LOGEX

Staying compliant with Codacy


 Industry: Healthcare

 Location: Netherlands


Challenge:

LOGEX deals with sensitive health data and must respect specific standards, including the European GDPR, the Dutch NEN 7510 certificate, and the ISO/IEC 27001:2013, all while proving its compliance to external auditors. 

Value:

Codacy helps LOGEX achieve its highly demanding code security goals to obtain all necessary certifications and remain compliant and secure. 


100%

Unit test coverage achieved in some development teams

 

Quality Gates

Codacy enabled engineering managers to enforce quality gates

 


 

    Website: https://logex.com/


"Codacy makes sure that we do security testing on code automatically so the developer doesn't have to care about it."


Tim van Loosbroek,

Head of Infrastructure and Security

LOGEX Customer Story

About LOGEX

LOGEX is a leading healthcare analytics company with the mission of turning data into better healthcare. Currently available in the UK, Netherlands, Finland, Sweden, and Norway, LOGEX aims to become the number one healthcare data analytics provider in Europe.

The main programming languages used by the LOGEX development team include .NET (C#), JSON, JS, Shell, Markdown, Dockerfile, CSS, and SQL. They use Bitbucket as their version control system.

Challenge

Data concerning health is highly sensitive since it consists of information that reveals an individual's overall health and medical history. Therefore, LOGEX must respect specific standards to protect those data.

Besides the European GDPR and the Dutch NEN 7510 certificate, LOGEX must comply with ISO/IEC 27001:2013 and prove its compliance to external auditors. Codacy helps LOGEX achieve its highly demanding code security goals to obtain the ISO/IEC 27001:2013 certification.

LOGEX clients know that LOGEX complies with strict standards regarding information security and that the company is carefully handling their highly sensitive health data.

"This certification tells our clients we are compliant with good security practices and that they are audited yearly. In summary, it's proof that LOGEX is taking security seriously," said Tim van Loosbroek, LOGEX's head of infrastructure and security.

With Codacy

On the one hand, Codacy helps developers meet high security standards and prevent critical issues and vulnerabilities. On the other hand, Codacy reassures management that all security testing is being carried out throughout their product and gives them an overall view of the quality of the code.

Developers are also pleased with Codacy because it removes pressure from their side and makes their lives easier when coding. Codacy guarantees that code written by developers is security-tested automatically.

When it's time for the yearly ISO 27001 checkup, Codacy is there to help.

"By using the [Codacy] tool we can fulfill that requirement and prove to the auditor, and it's a big help for our developers," Van Loosbroek said. 

In fact, LOGEX developers present Codacy dashboards to the auditor. This is a way to confirm LOGEX complies with the technical controls in A.14.2.8. The auditor then writes in the report that he has seen, first hand, the results of the code analysis.

Future

The next step for LOGEX will be using Codacy to standardize code across all developers and to define coding standards.

"We will have some debate on code styles (…) it is something we would like to have," Van Loosbroek added. 

LOGEX also plans to use Codacy to improve their quality gates. 

"In the end, what we want to do is if it doesn't meet the quality gates, we will block the pull request," he said, adding that this additional step will further reinforce their commitment to their already high security standards.

We look forward to seeing what LOGEX accomplishes in its mission of turning data into better healthcare. Always with code security and quality in mind!