We take security very seriously
Information security
The trust placed in Xakia by our clients to protect their data is not something we take lightly - just ask any of these brands that trust us with their data. We combine enterprise-grade security features with comprehensive audits of our software applications, systems and networks to ensure you and your business data are always protected.
Learn how we protect your data
You can request further details about our information security. Simply complete the form and we’ll be in touch with more information.
Data protection
Backup
All data is stored on Microsoft Azure which has a 99.9% up-time SLA. Data is transactionally backed up every 5 minutes and each backup is stored for 35 days. This includes access logs.
Encryption
Xakia supports and implements encryption at rest of customer data using 256-bit AES encryption.
All communications between Xakia services are encrypted using industry standard HTTPS. This ensures that all traffic between you and Xakia, including email notifications, is secure during transit. Data in transit is encrypted using TLS 1.2.
Processing
Data is stored with our cloud provider, Microsoft Azure. It is only processed for the purpose of providing the service. No other information, personal or otherwise, is processed by a third party.
Authentication
Xakia follows secure credential storage best practices and has government-level password requirements for users.
Xakia can be configured to only allow access from specific IP address ranges you define.
Xakia supports Single Sign On using OpenID Connect (OIDC).
Xakia supports multi-factor authentication.
Ownership
Data remains the property of our customers at all times.
Application security
Realtime monitoring and alerts
Azure monitors major application data flow ingress and egress points with Intrusion Detection Systems (IDS) or Intrusion Prevention Systems (IPS). The systems are configured to generate alerts when incidents and values exceed predetermined thresholds, and they use regularly updated signatures based on new threats.
Application vulnerability scanning
Xakia uses a combination of Azure Monitor and Azure Security Center for managing our security.
Audits
Penetration testing
In addition to our extensive internal scanning and testing program, and external on-going scanning, Xakia employs third-party security experts to perform a broad penetration test across the Xakia application on a semi-annual basis.
Third-party penetration testing is conducted following the CREST standard for information security testers. The Organisation and its employees are approved and certified by CREST.
ISO 27001: Information security management system audits
We conduct periodic internal audits of our infrastructure and procedures to ensure we remain compliant with our internal policies and ISO 27001 requirements.
Additionally, we have an annual audit from a third party to ensure the same and validate our ISO 27001 certification and associated Information Security Management System.
Secure development
Training and process
At least annually, engineers participate in secure code training. This training covers OWASP Top 10 security flaws, common attack vectors, and Xakia security controls.
We utilize framework security controls to limit exposure to OWASP Top 10 security flaws. These include inherent controls that reduce our exposure to Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), and SQL Injection (SQLi), among others.
Environments
Testing and staging environments are separated physically and logically from the production environment. No client data is used in the development or test environments.
Automation testing
Xakia has implemented automation testing in the development pipeline, prior to production deployment.
Source code and version control
Access control to program source code is provided by Azure DevOps. Developers are granted access to repositories required to perform their specific responsibilities, in accordance with our access policy.
Human Resource security
Access
In accordance with our Asset Classification Policy, any changes or additions to access permissions are approved by the asset owner on a need-to-access basis. A record of asset access covering all employees is kept. Access levels are only granted if it is necessary to perform on-going employment responsibilities.
Xakia uses a range of stringent, enforced password policies, multi-factor authentication, and SSO for any employee access to confidential information.
Background checks
Xakia performs background checks on all new employees in accordance with local laws. The background check includes Criminal, Education, and Employment verification.
Confidentiality
All new hires are screened through the hiring process and required to sign Non-Disclosure and Confidentiality clauses as part of their employment agreements.
Security awareness
All new employees attend Security Awareness Training, and the Security Team provides security awareness updates via email, blog posts and in presentations during internal events. All Xakia employees complete quarterly information security training reviews, or sooner if major changes to our ISMS require employee education.
Quarterly internal audits and annual external (third-party) audits are conducted to ensure policies and procedures for information security are being followed by all employees.
Some of the leading brands around the world who trust and love Xakia