• Home
• > Technology
• > Hosting capabilities
• >Information security

Your information is locked up tight

Employee screening

Every xMatters employee in operations, development or related areas must follow our code of conduct, sign confidentiality agreements, and follow our information security policies.

Employee training

Separation of duties - We have multiple organizations and teams responsible for security related matters. Our head of operations is responsible for the security program, security and technology audit and compliance of our providers. Employees are prevented from system access in areas they are not directly responsible for; for instance, our developers do not have access to our clients systems while employees in our operations team do not have code level access.

Physical security

We know you are entrusting us with your most important assets. We have taken extensive measures to ensure your information is safe from harm. The physical security controls in our facilities include:

• Only authorized employees have access to the xMatters facilities
• 24-hour manned security, including foot patrols and perimeter inspections
• Biometric scanning for access
• Video surveillance throughout facility and perimeter
• Building engineered for local seismic, storm, and flood risks
• Dedicated concrete-walled Data Center rooms
• Computing equipment in access-controlled steel cages
• Tracking of asset removal
• Procedures are SAS70 tested

Firewalls

All xMatters sites are protected by ICSA certified firewalls with active intrusion detection and protection.

Host & network IDS/IPS

xMatters uses standard high strength SSL technology to encrypt data communications. Individual servers are also protected by host based IDS/IPS.

Data security

Sensitive data elements stored in xMatters’ databases are encrypted by 128-bit AES(Advanced Encryption Standard) encryption.

Physical and / or logical separation of data

xMatters platform as a service offers complete separation of customer data.

Our software as a service utilizes logical separation of customer data and includes hardware/software configurations, which secure the logical separation. Our multitenant security controls include unique, non-predictable session tokens, configurable session timeout values, password policies, sharing rules, and user profiles.

Security testing

xMatters tests all of our code for security issues and vulnerabilities before release. We also perform scans of our network and systems for vulnerabilities. Assessments include:

• Application vulnerability threat tests
• Network and system vulnerability threat tests
• Penetration testing
• Code review and testing
• Overall controls review and testing