XMPie Trust Centre
At XMPie, we understand that your success is our success. Success is built on trust, which is why it’s important for us to be transparent about our commitment to personal data protection and privacy.
Security
Compliance
Availability
Security
Security is at the core of everything we do at XMPie. As part of Xerox, we have the benefit of consultation with Xerox's global Chief Privacy Officer and information security team, which bolsters our commitment to data protection and privacy.
Processes, Policies and Procedures
Formal IT policies and procedures exist that describe physical security, logical access, computer operations, change control, and data communication standards.
Physical Security
The in-scope system and supporting infrastructure is hosted by AWS. As such, AWS is responsible for the physical security controls for the in-scope system XMPie Services.
Employee Training
All employees are required to take annual information security and privacy training. We have well-documented methods for employees to report potential security incidents.
Data Encryption
All data is encrypted in transit and at rest using industry-standard encryption protocols to ensure your information remains secure.
Access Controls
We implement strict access controls and authentication mechanisms to ensure only authorized personnel can access sensitive systems and data.
Incident Response
We maintain comprehensive incident response procedures and an anonymous whistleblower hotline to report abuses without fear of retribution.
Change Control
XMPie maintains documented Software Development Life Cycle (SDLC) policies and procedures to guide personnel in documenting and implementing application changes. Change control procedures include change request and initiation processes, documentation requirements, development practices, quality assurance testing controls, and required approval procedures.
Compliance
SOC 2 Type II
The SOC 2 Type II report is an independent auditor's attestation of the security controls that XMPie has had in place during the report's coverage period. This report is provided for customers and prospects to review to ensure No Exceptions to the documented policies and procedures in the policy documentation.
GDPR Compliant
We are transparent about our commitment to personal data protection and privacy as described in our Privacy Policy, which reflects the steps we take to ensure your ability to control how we store, secure, and use personal data.
Subprocessors
A list of our subprocessors is publicly available, and we have contractual arrangements with each that satisfy GDPR requirements. This list is evergreen and will be promptly updated as we bring new subprocessors into our production environment.
View Subprocessors List >
Data Processing Addendum >
Availability
99.95%
Uptime SLA
24/7
Monitoring
Global
Infrastructure
Resilience and Service Continuity
XMPie maintains robust infrastructure with redundancy built in at every level. Our systems are continuously monitored to ensure high availability and rapid response to any issues.
Status Transparency >
Backup and Recovery
XMPie performs regular automated backups of XMPie account information and other critical data using AWS cloud storage. These backups are stored within the secure AWS infrastructure. Access to the backups is limited to the personnel that have access to production infrastructure.
Report a Security Issue
XSRC investigates Xerox product/service vulnerability reports.
Report Issue Now >
Have Questions?
Our team is here to help you understand our security practices and compliance certifications.
