Security, Compliance and Privacy
At XM Cyber, establishing customer trust – and ensuring it is continually upheld – is a core tenant of who we are. Read on to find out more about how XM Cyber maintains customer trust on a constant basis.
Compliance and Certifications:
XM Cyber is compliant with SOC 2 Type 2 standard. Complying with SOC 2 Type 2 means that customers are provided with assurance regarding high standards of data security, based on Trust Service Criteria. |
XM Cyber is ISO 27001 certified. XM Cyber develops its ISMS (Information Security Management System) in accordance with ISO 27001 international standard. |
XM Cyber is General Data Protection Regulation (EU GDPR) compliant. XM Cyber respects the privacy of its customers and is committed to protecting their personal information by implementing and continuously improving technical and organizational measures. |
BSI C5 Compliance. XM Cyber complies with BSI C5, a cloud security standard from the German Federal Office for Information Security, ensuring top-tier security, transparency, and regulatory alignment for our cloud services. |
XM Cyber is an official partner of AWS, which means it is restricted and evaluated by AWS’s official Foundational Technical Review (FTR) framework. |
Security Approach
- XM Cyber utilizes Amazon Web Services (AWS) secured servers. All data is securely stored and encrypted.
- By default, XM Cyber customer data is protected in transit using Transport Layer Security (TLS) and at rest with a data key using the industry-standard AES-256 encryption.
- XM Cyber has implemented restricted access controls based on the principle of least privilege to ensure that only authorized personnel can access our systems and data. XM Cyber uses multi-factor authentication (MFA) and single sign-on (SSO) to provide an additional layer of security for our users. In addition, we have implemented Zero Trust-based CIA (Confidentiality, Integrity, Availability), which provides continuous authentication and authorization for our applications. This approach allows us to detect and respond to any suspicious behavior or unauthorized access attempts in real time.
- XM Cyber uses backup and recovery services to protect customer data against data loss, data leakage, and data tampering.
- XM Cyber uses automatic scaling infrastructure to ensure its services can handle increased traffic and load. With autoscaling, XM Cyber’s infrastructure automatically adjusts the number of resources allocated to XM Cyber services based on traffic and demand.
Privacy and Confidentiality
- XM Cyber is committed to protecting the privacy and confidentiality of its customers’ data. As a result, XM Cyber adheres to all applicable privacy laws and regulations, including GDPR.
- XM Cyber only collects, processes, and uses Personal Data for specific and legitimate purposes, and will not share any Personal Information it collects with any third party.
- XM Cyber has implemented technical and organizational measures in accordance with Article 32 of GDPR. These measures are continuously improved by XM Cyber according to feasibility, including annual audits certifications, maintenance of ISMS framework of ISO 27001, and enforcement of SOC 2 Type 2 controls in order to maintain a higher level of security and protection.
Monitoring
- XM Cyber continuously monitors systems to detect any anomalies or suspicious behavior and respond to them in real-time.
- XM Cyber’s security team is alerted to any anomalous activity so it can be immediately authenticated or contained and remediated.
- XM Cyber maintains a 24/7 Operations Center to constantly monitor our customer solutions.