xMatters has released an official statement and workshops to help customers navigate through COVID-19

Our Priority is Data Security

We are committed to providing our clients with a secure environment using the most advanced technologies to safeguard their information. The xMatters Information Security Management System (ISMS) is a guarantee of a great service and a secure platform, where data is treated as a valuable asset and always kept private.

The xMatters security framework is certified against ISO/IEC 27001:2013 Information Security Standard and uses the comprehensive set of policies, processes, and controls for standardized treatment of data. All controls are centrally monitored and assessed for quality assurance.

xMatters has a constantly improving security program in place with semi-annual internal audits conducted by an independent third party, and an external annual certification audit performed by an accredited organization.

We’ve summarized our key security practices below. If you have any questions, contact us at security@xmatters.com.

Organizational security

  • Documented onboarding process and access control for employees
  • Employee background checks
  • Information security training and awareness programs
  • Separation between development and production environments
  • Centralized endpoint protection, firewall, and VPN
  • Documented and monitored processes for incident management, data breach, risk assessment, nonconformities to the ISMS, and corrective action
  • Policies, procedures and controls implemented and certified against ISO 27001 Information Security Standard
  • Management commitment to Information Security objectives and well-established roles and responsibilities
  • Management review meetings
  • Physical security audits
  • Cross-functional team focuses on the application infrastructure security
  • Centralized governance, risk management, and compliance (GRC) software

More information here.

Platform security

  • SaaS resides in Google Cloud Platform (GCP)
  • Encryption in transit and at rest
  • Available on multiple regions availability zones
  • Multiple levels of firewalls policy layers for network and data protection
  • Logging and monitoring capability
  • Automated configuration assessment
  • Documented change management procedure applied to the infrastructure
  • Third-party penetration testing

Security Framework

The xMatters Information Assurance Team manages an Information Security Management System (ISMS), which is ISO 27001:2013 certified.

Our security framework includes:

  • Policies, Procedures and Controls
  • Asset Management
  • Risk Management
  • Access Management
  • Organizational Security
  • Physical Security
  • Cryptography
  • Operations Security
  • Supplier Security
  • Business Continuity
  • Compliance

Security is the responsibility of all xMatters personnel. The entire team is regularly trained, and our systems and processes are audited at planned intervals. The Privacy Officer and the Information Assurance Manager define and maintain the security portfolio up-to-date. The ISMS Steering Committee reviews the entire program and controls on a regular basis during the Management Review Meetings.

Security White Paper