Security at Xakia
Xakia was built from the ground up to ensure your most sensitive data is secure
World-class information security management for in-house legal teams
Xakia is certified as compliant with ISO/IEC 27001:2013, SOC 2 and HIPAA - the leading global information security standards.
Our comprehensive technical, physical and legal controls deliver enterprise-grade security you can trust. Keeping our customers' data safe is our top priority and we are committed to staying at the forefront of security best practices by continually improving our information security programs.
To request a copy of our ISO 27001 certificate, SOC 2 report or Information Security Pack, complete the form and we'll be in touch with you shortly with more details.
Request our ISO/IEC 27001:2013 certificate or SOC 2 report
SOC 2
Service Organization Control Type 1 certification
HIPAA
Health Insurance Portability and Accountability Act (HIPAA)
ISO 27001
ISO 27001:2013 Certification
Security compliance
SOC 2
The SOC 2 audit is one of the highest recognized standards of information security compliance in the world. It provides third-party validation that Xakia has implemented and is operating with security best practices. The SOC 2 certification shows that Xakia has deeply invested in maintaining a commitment to cybersecurity.
The SOC 2 certificate means that we have the controls and structures in place to ensure we meet the security standards our customers expect when it comes to their data.
Get in touch with the Xakia team today to request a copy of the SOC 2 report.
HIPAA compliance
Our work in achieving SOC 2 certification has also helped us in our goal of achieving HIPAA compliance. For those not aware, the Health Insurance Portability and Accountability Act (HIPAA) is a US federal law that regulates how companies and healthcare providers handle protected health information (PHI) to ensure proper data security.
ISO 27001 - ISO 27001:2013 Certification
ISO/IEC 27001 is an international standard for information security management systems (ISMS). Certification shows that an organization has systems in place to manage risks related to the security of data owned or handled by the company, and that this system respects all the best practices and principles within this International Standard.
To request a copy of our ISO/IEC 27001:2013 certificate, get in touch with the Xakia team today.
Powerful access control
Xakia gives you complete control over who accesses your data.
Granular permissions
With Xakia you have complete control over what data your users can access, including the ability to grant or revoke access based on roles, teams, locations or by individual.
Multifactor Authentication
In addition to requiring user passwords that meet industry best practice requirements, Xakia’s multifactor authentication feature uses the industry-leading TOTP protocol, adding a powerful second layer of security.
Single Sign On
Xakia supports Single Sign On using OpenID Connect (OIDC), ensuring your organisation’s unique password policies are enforced in Xakia too.
Matter-level confidentiality
Xakia gives you the tools to maintain confidentiality and legal privilege for specific matters. By marking an individual matter as confidential, access is restricted only to those team members working on the matter and others you’ve specifically designated as having access.
Even better, if you use Xakia’s in-built document management system (DMS) or have connected Xakia to your DMS, the documents you save there will inherit the same controls.
Robust data security
Xakia takes a multi-faceted approach to ensuring the security and availability of your data.
Enterprise-grade encryption protects your data AND documents
We use best practice encryption algorithms to encrypt your data – whether it’s in use, in transit, or in storage (at rest).
Unlike others, we don’t stop at data encryption – Xakia also encrypts all documents that you and your business users upload, so there are no backdoors to your data.
Backups to ensure recoverability
With Xakia, your data, including access logs, is backed up to a separate location every five minutes and stored for 35 days – so we’re ready for the unexpected.
Storage
Data is held in ISO-certified secure services, which are protected by first-class infrastructure, practices and security. The Xakia platform is hosted on Microsoft Azure at Tier III, SSAE 16/ISAE 3402, PCI DSS, ISO/IEC 27001:2013, HIPAA, FedRAMP, SOC 1, and SOC 2 compliant facilities; including regional compliance standards Australia IRAP, UK G-Cloud, and Singapore MTCS.
Vulnerability Scanning and Penetration Testing
Xakia uses third-party security tools to constantly scan for vulnerabilities in the Xakia platform. Our dedicated information security team respond immediately to issues raised. Once a year we engage third-party security experts to perform detailed penetration tests on the Xakia application and infrastructure.
Proactive protection and monitoring
At Xakia, we’re constantly monitoring our environment for potential threats and vulnerabilities to keep your data safe.
Secure development
Best engineering practices and secure DevOps principles are implemented. This, along with secure coding guidelines, ensures that security is our highest priority.
Data sovereignty and privacy
Xakia’s thoughtful approach to data sovereignty and privacy makes navigating this complex area easier.
It’s your data
Our Terms of Service are clear: your data is yours, and we will only access or use it in the limited circumstances described in those terms.
Compliance by design
We’ve designed Xakia to keep the personal information you need to share with us to an absolute minimum.
With Xakia you can choose where you store your data: Australia, Canada, the Netherlands, the United Kingdom or the United States.
What’s more, you can choose different data locations for different users, allowing you to comply with the data sovereignty and privacy laws that apply to your organisation, and minimising cross-border data transfers.
Backups are kept in a separate location in the same country.
Privacy
Xakia has undergone third-party expert reviews to ensure compliance with privacy obligations, including the US Health Insurance Portability and Accountability Act of 1996 (HIPAA).
GDPR compliance
At Xakia Technologies, we are fully committed to GDPR compliance. For EU and UK based customers, we offer the option to store customer data on Microsoft Azure servers in the UK or the Netherlands. We strictly limit data provided to sub-processors to the minimum required. We also offer a GDPR-compliant Data Processing Agreement that sets out Xakia's technical and organizational measures, reflecting our dedication to meeting our customers' data protection needs.
HR and additional security features
Security is in our DNA, from our Xakia employees to the product. Everyone at Xakia is part of our mission to achieve better security.
Training
All Xakia employees complete Security and Awareness training at least annually.
Requirements for the responsible handling of data, including any types of personal information, are communicated to all staff as part of their induction into Xakia.
Any changes to any of these requirements are communicated as and when they are rolled out, and all Xakia staff members complete annual refresher training.
Policies
Xakia has developed a comprehensive set of robust security policies covering a range of governance, risk, and compliance topics. These policies are shared with and made available to all employees and contractors before granting any access to Xakia’s information assets.
Confidentiality
All employees are bound to strict confidentiality obligations when they join Xakia. This includes any client information that they may become aware of.
Confidentiality obligations are also put in place with all vendors or sub-processors along with appropriate services contracts.
Background verification checks
All new employees at Xakia undergo police and reference checks upon onboarding to ensure security before access to data is granted.
Continually improving our information security program
We strive to deliver the most robust and professional experience for our users. Keeping our customers' data safe is our top priority and we are committed to staying at the forefront of security best practices by continually improving our information security programs.
Trusted by leading companies and organizations worldwide
Major companies and organizations around the world have reviewed our security practices and have chosen to trust us with their most sensitive data. Hear why they choose Xakia here.
Find out more about our approach to security
If you want to know more about our approach to information security, you can request a copy of our Information Security Pack. Simply complete the form and we’ll be in touch with more information.