Xledger’s system is ISO 27001 and Cyber Essentials certified, meaning you can rely on our secure system to protect your data. Read more about Xledger’s system.
At Xledger, our IT Operations department plays a crucial role in maintaining the stability, security, and efficiency of our IT infrastructure. The department is responsible for managing our cloud environment, ensuring seamless operation of our systems, and providing support for various IT-related tasks. Our IT Operations team works closely with other departments to implement best practices, monitor performance, and address any issues that may arise. They are dedicated to maintaining high standards of security and compliance, ensuring that our clients’ data is always protected.
We are ISAE 3000 certified and take our data management responsibilities seriously. Xledger complies with all aspects of current data protection legislation and is committed to GDPR compliance. Our data protection framework is based on the principles of the EU General Data Protection Regulation (GDPR), ensuring that all personal data is handled in line with the regulations.
At Xledger, we believe that your data is yours and only yours. Our multi-tenant solution ensures the security and segregation of customer data. We do not use customer data in our test and development environments, and we do not share your data with any partners or suppliers. All data is stored in Norway.
We support the latest security functions such as MFA, including Google Authenticator, Microsoft Authenticator, SMS, and email. We highly recommend our customers use MFA to protect their data. Additionally, SSO to Xledger is supported through Azure, Okta, CyberArk, and Microsoft ADFS, providing enhanced security and greater control over access to data.
Xledger continuously monitors our internal environment and internet-facing assets for vulnerabilities. We conduct regular penetration tests on the Xledger application performed by independent third-party security providers. Based on these tests, we upgrade and update our assets to enhance our security posture.
To comply with audit requirements, customer actions and locations are logged in the application and can be audited. This ensures transparency and accountability in our operations.
Xledger does not use any third-party resources in the development of the application, nor do third-party resources have access to the application. We use third-party suppliers for renting rack space and internet lines in our data centers, but they do not have access to the application solution. These suppliers are audited as part of our ISO 27001 and ISAE 3402 Type 2 certifications.
Our cloud environment is situated in Norway, providing better control and security. Access to data is limited to employees in our DevOps and IT Operations teams, according to their roles. Physical access to hardware in data centers is also restricted and audited annually.
Xledger recognizes the importance of continuous operations and access to data for our customers in case of disasters. We have comprehensive business continuity plans (BCPs) that are regularly tested against various scenarios to ensure the integrity of our backups. A complete functional restore test of the production database backup is conducted biweekly.
Our information security compliance is ensured through various audits, including independent third-party compliance audits against ISO 27001:2022, ISAE 3402 Type 2 and ISAE 3000 standards. We also conduct network vulnerability scans and foundation audits to review technical controls and build processes.
At Xledger, we are dedicated to maintaining the highest standards of security to protect our clients’ data and ensure their peace of mind.