Information Security

Xaver Information Security & Compliance Overview

At Xaver, we are committed to protecting the confidentiality, integrity, and availability of information. Our Information Security Management System (ISMS) is aligned with ISO/IEC 27001:2022, so that our controls meet recognized industry security requirements rather than an ad-hoc internal baseline.


Management Commitment to Information Security

Our Management Board is fully committed to maintaining the highest standards of information security. They take full responsibility for the ISMS's effectiveness and ensure sufficient resources are allocated to safeguard our information assets. Security is integrated into our business strategy and organizational culture.


Annual Review of Policies and Continuous Improvement

All information security policies undergo an annual review by the Information Security Officer (ISO) and the Management Board. This keeps our policies aligned with regulatory changes, best practices, and technological advancements. Significant changes, such as a new regulatory obligation or a material change to our systems, trigger an immediate review and update outside the annual cycle, and the updated policies are communicated organization-wide.


Software Development Lifecycle (SDLC) and Change Management

We embed secure development and change management into our SDLC to ensure security is considered at every product development stage.


  • Security by Design: Integrating security from the earliest development stages.

  • Code Reviews and Audits: Conducting regular code reviews using automated and manual techniques.

  • Vulnerability Scanning and Penetration Testing: Performing regular tests to identify and address weaknesses.

  • Change Management Process: Following a formal process that includes risk assessment, approval, documentation, testing, validation, and post-implementation review.


Confidentiality, Integrity, and Availability

We focus on three core principles:


  • Confidentiality: Only authorized individuals and processes can access data.

  • Integrity: We protect the accuracy and completeness of information.

  • Availability: Systems and information are accessible to authorized users when needed.


Risk Management and Continuous Improvement

Risk management is central to our ISMS. We conduct regular risk assessments to identify threats and vulnerabilities affecting our information assets, evaluate the resulting risks, and select and document risk treatment measures (mitigate, transfer, avoid, or accept with management approval). Our ISMS undergoes continuous monitoring and improvement through internal and external audits and performance evaluations.


Access Control and Data Protection

Access to systems and information is strictly controlled based on the principle of least privilege. We regularly review access control policies to ensure alignment with our security objectives. We adhere to GDPR and other data protection regulations, ensuring personal data is handled securely and lawfully.


Encryption and Secure Communication

We employ encryption to protect data at rest and in transit. Sensitive information at rest is encrypted using established cryptographic standards such as AES-256, and data in transit is protected with TLS 1.2 or later; older protocol versions are not accepted. We use secure VPNs and dedicated cloud environments to maintain data confidentiality and integrity.


Incident Management and Response

Our Information Security Officer and dedicated security teams manage all security incidents. We have clear protocols to quickly detect, respond to, and recover from security breaches or data compromises. We conduct Root Cause Analyses (RCA) for incidents and implement preventive measures. Notifications follow legally mandated timeframes: under GDPR, a personal data breach is reported to the competent supervisory authority within 72 hours of becoming aware of it, and affected data subjects are informed without undue delay where the breach is likely to result in a high risk to their rights and freedoms.


Business Continuity and Disaster Recovery

Our Business Continuity Plan (BCP) ensures the availability of critical services during disruptions. Disaster recovery procedures align with ISO/IEC 27001:2022, ensuring rapid restoration of key functions. We regularly test our BCP and disaster recovery measures for effectiveness.

Compliance with Legal and Regulatory Requirements

We comply with GDPR, applicable BaFin regulations, and other relevant legal frameworks. Our systems meet all statutory and regulatory obligations concerning information security and data protection. Our cloud providers and critical third-party vendors are required to adhere to high security standards, including ISO/IEC 27001 certification, and we verify this as part of supplier onboarding and review.


Training and Awareness

Security is everyone's responsibility. All employees and contractors undergo regular security awareness training to understand their role in maintaining a secure environment. Training covers cybersecurity threats, data handling procedures, and incident reporting protocols.


Audits and Continuous Monitoring

We undergo internal and external audits to verify compliance with ISO/IEC 27001:2022 and other applicable standards. These audits verify that security controls are implemented, effective, and up to date. Our monitoring processes include ongoing security assessments, penetration testing, and vulnerability scanning, with findings tracked to remediation.


Supplier and Third-Party Management

We maintain a rigorous third-party vendor management process, requiring all critical suppliers, including cloud service providers, to comply with our security standards. Contracts with third parties are regularly reviewed to ensure adherence to ISO/IEC 27001 and GDPR requirements, including data processing agreements where personal data is processed on our behalf.


Responsible Disclosure

We encourage responsible disclosure of potential vulnerabilities. If you identify a security concern, please contact us at iso@xaver.com. We appreciate collaborative efforts to keep our systems secure and are committed to acknowledging and resolving reported vulnerabilities promptly.



© 2024 Xaver. All rights reserved.

Proudly built by the Xaver team
