Security at Xakia

Xakia was built from the ground up to ensure your most sensitive data is secure 

World-class information security management for in-house legal teams

Xakia is certified as compliant with ISO/IEC 27001:2013, SOC 2 and HIPAA - the leading global information security standards.

Our comprehensive technical, physical and legal controls deliver enterprise grade security you can trust. Keeping our customer's data safe is our top priority and we are committed to staying at the forefront of security best practices by continually improving our information security programs.

To request a copy of our ISO 27001 certificate, SOC 2 report or Information Security Pack, complete the form and we'll be in touch with you shortly with more details.

Request our ISO/IEC 27001:2013 certificate or SOC 2 report



Service Organization Control Type 1 certification



Health Insurance Portability and Accountability Act (HIPAA)


ISO 27001

ISO 27001:2013 Certification

Security compliance


The SOC 2 audit is one the highest recognized standards of information security compliance in the world. It provides third-party validation that Xakia has implemented and is operating with security best practices. The SOC 2 certification shows that Xakia has deeply invested in maintaining a commitment to cybersecurity.

The SOC 2 certificate means that we have the controls and structures in place to ensure we meet the security standards our customers expect when it comes to their data.

Get in touch with the Xakia team today to request a copy of the SOC 2 report.

HIPAA compliance

Our work in achieving SOC 2 certification has also helped us in our goal to achieving HIPAA compliance. For those not aware, the Health Insurance Portability and Accountability Act (HIPAA) is a US federal law that regulates how companies and healthcare providers handle protected health information (PHI) to ensure proper data security.

ISO 27001 - ISO 27001:2013 Certification

ISO/IEC 27001 is an international standard for information security management systems (ISMS). Certification shows that an organization has systems in place to manage risks related to the security of data owned or handled by the company, and that this system respects all the best practices and principles within this International Standard.

To request a copy of our ISO/IEC 27001:2013 certificate, get in touch with the Xakia team today.

information security - access control

Powerful access control

Xakia gives you complete control over who accesses your data.

Granular permissions

With Xakia you have complete control over what data your users can access, including the ability to grant or revoke access based on roles, teams, locations or by individual.

Multifactor Authentication

In addition to requiring user passwords that meet industry best practice requirements, Xakia’s multifactor authentication feature uses the industry leading TOTP protocol, adding a powerful second layer of security.

Single Sign On

Xakia supports Single Sign On using OpenID Connect (OIDC), ensuring your organisation’s unique password policies are enforced in Xakia too.

Matter-level confidentiality

Xakia gives you the tools to maintain confidentiality and legal privilege for specific matters. By marking an individual matter as confidential, access is restricted only to those team members working on the matter and others you’ve specifically designated as having access.

Even better, if you use Xakia’s in-built document management system (DMS) or have connected Xakia to your DMS, the documents you save there will inherit the same controls.

legal analytics software

Robust data security

Xakia takes a multi-faceted approach to ensuring the security and availability of your data.

Enterprise-grade encryption protects your data AND documents

We use best practice encryption algorithms to encrypt your data – whether it’s in use, in transit, or in storage (at rest).

Unlike others, we don’t stop at data encryption – Xakia also encrypts all documents that you and your business users upload, so there are no backdoors to your data.

Backups to ensure recoverability

With Xakia, your data, including access logs, is backed up to a separate location every five minutes and stored for 35 days – so we’re ready for the unexpected.


Data is held in ISO-certified secure services, which are protected by first-class infrastructure, practices and security.  The Xakia platform is hosted on Microsoft Azure at Tier III, SSAE 16/ISAE 3402, PCI DSS, ISO/IEC 27001:2013, HIPAA, FedRAMP, SOC 1, and SOC 2 compliant facilities; including regional compliance standards Australia IRAP, UK G-Cloud, and Singapore MTCS.

Vulnerability Scanning and Penetration Testing

Xakia uses third party security tools to constantly scan for vulnerabilities in the Xakia platform. Our dedicated information security team respond to issues raised immediately. Once a year we engage third-party security experts to perform detailed penetration tests on the Xakia application and infrastructure.

Proactive protection and monitoring

At Xakia, we’re constantly monitoring our environment for potential threats and vulnerabilities to keep your data safe.

Secure development

Best engineering practices and secure devops principles are implemented. This along with secure coding guidelines ensures that security is our highest priority.

information security - data sovereignty and privacy

Data sovereignty and privacy

Xakia’s thoughtful approach to data sovereignty and privacy makes navigating this complex area easier.

It’s your data

Our Terms of Service are clear: your data is yours, and we will only access or use it in the limited circumstances described in those terms.

Compliance by design

We’ve designed Xakia to keep the personal information you need to share with us to an absolute minimum.

With Xakia you can choose where you store your data: Australia, Canada, the Netherlands, the United Kingdom or the United States.

What’s more, you can choose different data locations for different users, allowing you to comply with the data sovereignty and privacy laws that apply to your organisation, and minimising cross-border data transfers.

Back ups are kept in a separate location in the same country.


Xakia has undergone third party expert reviews to ensure compliance with privacy obligations, including the US Health Insurance Portability and Accountability Act of 1996 (HIPAA).

GDPR compliance

At Xakia Technologies, we are fully committed to GDPR compliance. For EU and UK based customers, we offer the option to store customer data on Microsoft Azure servers in the UK or the Netherlands. We strictly limit data provided to sub-processors to the minimum required. We also offer a GDPR-compliant Data Processing Agreement that sets out Xakia's technical and organizational measures, reflecting our dedication to meeting our customers' data protection needs.

data privacy

HR and additional security features

Security is in our DNA, from our Xakia employees to the product. Everyone at Xakia is part of our mission to achieve better security.


All Xakia employees complete Security and Awareness training at least annually.

Requirements for the responsible handling of data, including any types of personal information are communicated to all staff as part of their induction into Xakia.

Any changes to any of these requirements are communicated as and when it is rolled out and all Xakia staff members complete an annual refresher training.


Xakia has developed a comprehensive set of robust security policies covering a range of governance, risk, and compliance topics. These policies are shared with and made available to all employees and contractors before granting any access to Xakia’s information assets.


All employees are bound to strict confidentiality obligations when they join Xakia. This includes any client information that they may become aware of.

Confidentiality obligations are also put in place with all vendors or sub-processors along with appropriate services contracts.

Background verification checks

All new employees at Xakia undergo police and reference checks upon onboarding to ensure security before access to data is granted.

Continually improving our information security program

We strive to deliver the most robust and professional experience for our users. Keeping our customer's data safe is our top priority and we are committed to staying at the forefront of security best practices by continually improving our information security programs.

Useful links



Trusted by leading companies and organizations worldwide

Major companies and organizations around the world have reviewed our security practices and have chosen to trust us with their most sensitive data. Hear why they choose Xakia here.

coca-cola - Xakia legal matter management software customer
syneos health
bluescope logo
serco logo
woolworths group logo

Find out more about our approach to security

If you want to know more about our approach to information security, you can request a copy of our Information Security Pack. Simply complete the form and we’ll be in touch with more information.

Request our information security pack

Some of the leading brands around the world who trust and love Xakia

coca-cola - Xakia legal matter management software customer
university of waterloo - customers who love and trust Xakia
woolworths group - customers who love Xakia
wesfarmers - customers who love Xakia
kcata - customers who love Xakia
optus - customers who love Xakia
bluescope - customers who love Xakia
syneos health - customers who love Xakia
accolade wines
contact energy
the Lottery Corporation
movember foundation
healthscope - Xakia legal matter management software customer
healius - customers who love Xakia

Ready to take Xakia for a test drive?