Buddy was founded in 2017 by David Seisun and Jonathan Mifsud with the aim of revolutionising the conventional payroll and HR legacy desktop solution.

Buddy provides easy-to-use, cloud-based payroll software that aims to simplify and speed up your payroll process.

The software as a service (SaaS) itself offers world-class timesaving features such as:

  • Instant calculations and payslip reviews
  • Time & attendance rule engine
  • IBAN Transfers

It also empowers employees by simplifying and improving the visibility of payslips, vacation management and time and attendance.

The SaaS has Maltese regulations and reports embedded right into the software, making for easy adjustments when it comes to:

  • FSS Reporting
  • Cost of Living Adjustments
  • Application of Legal Updates
  • Automated Benefit Deductions
  • Industry-Based Sick Rules
  • Automated Public Holiday Pay


  • Payroll and HR Solutions

Certification date:

  • 23/11/2020

Certification body:


With more and more companies utilising the internet to share and spread information that may be confidential, it is crucial that data security and integrity are maintained.

Many companies have started requiring that services are ISO 27001 certified in order to ensure data confidentiality, integrity and availability. Buddy teamed up with STEP to get ISO certified to not only satisfy the request of potential clients but to also create an information security-centric infrastructure that is easily maintained.

One of Buddy’s concerns was figuring out how to do internal training to make sure that every employee was knowledgeable about the ISO 27001 Implementation.


Because Buddy is a small company in terms of human resources, STEP had to make sure that every minute spent with the client was maximized and utilised effectively.

STEP made certain that the management system put in place did not add to the company’s bureaucracy or complicate its processes.

STEP’s strategy involved numerous meetings with back-and-forth discussions about the procedures and rules that were already in place within the company.

To make sure Buddy is compliant with the standard, STEP assisted in the consolidation of policies, the information security manual, the statement of applicability, risk assessments, and related support procedures.


Buddy’s employees were informed of their responsibilities in relation to the standard, and STEP conducted an impartial Internal Audit and Management Review during which Buddy’s control efficacy was confirmed. This involved looking at the correct implementation of the controls.

A list of Opportunities for Improvement (OFIs) was produced as a result of the Internal Audit and Management Review, which Buddy would use to improve their Information Security Management System.

All of this served as a precursor to the Certification Audit that SMC conducted in November 2020.

Buddy and STEP have been working hard together to ensure that the culture of information security is maintained.

I would highly recommend STEP if you are looking to become ISO certified, especially in relation to professional expertise and implementation.

They have helped ensure that our company and our data is more secure than it was before the journey towards ISO 27001 certification.

Jonathan Mifsud, Co-Founder and CTO
