Our hosting and service delivery infrastructure ensures the highest level of security. This is supported by a world-class network, data and physical security environment. Security is an ongoing process, not a singular event – we continuously evaluate and reinforce our security policy and practices.
Here are just some of the security precautions we take.
Our servers have SSL Certificates signed by global leaders in certificates, Entrust & GTE Cybertrust, so all data transferred between the users and the service is encrypted. The encryption is the same as that used for Internet banking.
No one has access to your organisation unless invited by you and with a level of user permission selected by you. You can remove any invited users whenever you want. You also have the option to invite Customer Care, but it’s for support purposes only and completely at your discretion.
Users must choose a strong password and automatic lockouts are enforced when incorrect passwords are repeatedly entered. We don’t allow the browser to save your login, which eliminates access from a stolen or compromised computer. If you leave your computer unattended for an extended period, you will be automatically logged out.
Our servers are located within Rackspace tier-4, enterprise-grade hosting facilities. Access is restricted to authorised Rackspace staff by a combination of biometric systems and 24/7 onsite security guards, and is continually audited to meet SOC 1 Type II standards.
Firewalls & network security
External access to our servers is controlled by multiple layers of firewalls, intrusion protection systems and routers, which are configured and monitored according to industry best practice.
Our own internal office networks are isolated from any customer data by design.
Third party audits and inspections
Our security is reviewed regularly and audited by external specialists. This includes penetration testing and automated server port security scanning.
Third party access
Transfer of data to any third parties can only occur with your consent and to organisations that provide adequate data protection.
We run offsite backups nightly, full backups weekly and transaction log backups of our database every 10 minutes so we can immediately recover your data if necessary.
How is Xero more secure than desktop software?
With Xero your data isn’t stored on your computer – if your laptop crashes, or gets lost, or stolen, all your data remains completely safe and unaffected.
Giving your accountant or financial advisor secure access to your data within Xero is much more secure than emailing your accounting data files or sending out discs with your data on them.
“@Xero @paycycleaus thankful to be 100% Xero -main office computer crashed but with everything online = no data loss & no downtime!”
Steps you can take to stay protected
We work very hard to keep Xero secure. Here are some simple steps you can take to stay protected:
- Create a password nobody can guess, so no dictionary words or family names. Be cryptic or use multi-word pass phrases – easy to remember, hard to crack.
- Don’t share your password with anybody.
- Don’t write your password on a sticky note and attach it to your computer.
- Keep your browser software up to date.
- Make sure you only log in at login.xero.com.
Data protection and backup
Our service has been designed for high user availability, with redundancy built into every level of our hosting infrastructure, including redundant power, network, database and web servers. Our service availability performance stands at over 99.99% since launching the service in 2007.
All customer data is backed up daily. We also run a continuous offsite data backup service into a second Rackspace facility for further real-time data protection.
Because we back up your data, you don’t need to. If you want to get your data out of Xero at any time, you can simply use the Trial Balance and Detailed General Ledger reports to export your data. Exporting reports to Excel is ideal because they can be easily read and are also in a form that can be manipulated for import into other systems if required.
We go to great lengths to comply with legislation covering the security and privacy of data about you as an individual, and the financial data relating to your organisation, in all the major countries where Xero is available.