PUBLIC

3.8. ISO 27001, SOC 2, GDPR

Compliance Statement: Alignment with ISO 27001, SOC 2, and GDPR

While XSTRA has not yet attained formal certification under ISO 27001, SOC 2, or GDPR, our operational and security frameworks are meticulously designed to align with the core requirements of these standards. Our commitment to robust information security and data protection is evident through our advanced technologies and practices. Should formal certification be necessary for client engagement, we are well-positioned to complete the requisite processes within a short and realistic timeframe.

ISO 27001 – Information Security Management

  • Comprehensive Information Security Policy, reviewed at the executive level.
  • Annual internal reviews for continuous improvement and relevance.
  • Strict access control via role-based permissions and Multi-Factor Authentication (MFA).
  • Documented and audited user access throughout the lifecycle.
  • Secure data disposal and off-site encrypted backups with restoration testing.
  • Jurisdictional compliance with strict data residency controls.
  • Infrastructure includes network segmentation, firewall enforcement, and formal change management.
  • Well-defined incident response plan supported by staff training and escalation pathways.

SOC 2 – Trust Service Principles (Security, Availability, Confidentiality)

  • Systems architected for security, availability, and confidentiality.
  • Continuous monitoring for security events and anomalies.
  • Up-to-date antivirus and endpoint protection across all devices.
  • Active patch management to ensure timely updates.
  • Structured change control processes and ongoing security awareness training.
  • Enforced confidentiality agreements for all personnel.
  • Risk assessments and formal agreements with third-party vendors.
  • XDESK Platform: Built on Citrix, includes:
    • Anti-keylogging technology to prevent credential theft.
    • Screen capture protection to block visual data leaks.

GDPR – General Data Protection Regulation

  • Transparent data handling practices with data minimization and purpose limitation.
  • Processing of personal data only on valid legal bases.
  • Firm jurisdictional and residency controls for data processing.
  • XACCESS: Secure, location-based authentication using the XACCESS Site Key:
    • Creates “Safe Zones” for controlled access to cloud resources.
    • Restricts sensitive data access to authorized personnel at physical locations.
  • Incident response and breach notification plans aligned with GDPR timelines.
  • Ongoing staff training to reinforce privacy and data protection obligations.

Innovative Security Solutions: XACCESS and XDESKTOP

  • XACCESS: Combines MFA with location-based controls to create secure access environments for sensitive systems.
  • XDESKTOP: A secure virtual desktop infrastructure providing a consistent, protected user experience. Fully integrated with our XDESK platform.

Our advanced technologies and stringent security practices demonstrate our strong alignment with ISO 27001, SOC 2, and GDPR standards. While formal certification is pending, our frameworks and operations are designed to meet these standards in both substance and execution. If required, we are well-prepared to finalize formal certification within a short timeframe.

Feedback

Was this helpful?

Yes No
You indicated this topic was not helpful to you ...
Could you please leave a comment telling us why? Thank you!
Thanks for your feedback.

Post your comment on this topic.

Please do not use this for support questions.
Need Help? -> Contact Us !

Post Comment