We are committed to maintaining the security of your data. To help ensure security, we have developed xGRC® to be secure by design, incorporating best practice security features directly into the product.

Native Encryption

All data is encrypted in transit using TLS and at rest using Transparent Data Encryption (TDE).

In addition, encryption of specific data (such as uploaded files and specific columns that contain potentially sensitive data) is available using SQL Always Encrypted. This data can be encrypted using either xGRC®-managed or customer-managed encryption keys (CMEK).

Dedicated Database

Unlike many cloud-based solutions, we don’t commingle customer data in a single database. Each xGRC® IRM customer is provided with a dedicated database, which ensures the only data in the tenant is yours and any database credentials are unique to your environment. This separation means there is no risk of data cross-contamination, and if you ever leave us, you can have peace of mind that your data can be easily sanitised.

Authentication Options

xGRC® supports multifactor authentication using various OTP apps (e.g. Google Authenticator, Microsoft Authenticator, Okta Verify, etc.).
xGRC supports SAML 2.0 authentication for single sign-on (SSO).

Auditing Built-in

Audit logging of all operations is built natively into the platform. Administrators can easily query the audit log from within the platform, or it can be fed to an external system such as a SIEM.

Security Certification

xGRC is hosted in ISO27001:2013 and ISO27017:2015 certified data centers. xGRC is in the process of achieving ISO27001:2013 certification.