We are committed to maintaining the security of your data. To help ensure security, we have developed xGRC® to be secure by design, incorporating best practice security features directly into the product.
All data is encrypted in transit using TLS and at rest using Transparent Data Encryption (TDE).
In addition, encryption of specific data (such as uploaded files and specific columns that contain potentially sensitive data) is available using SQL Always Encrypted. This data can be encrypted using either xGRC® or customer-managed encryption keys (CMEK).
Unlike many cloud-based solutions, we do not commingle data in a single database. Each xGRC® IRM customer is provided with a dedicated database, which ensures the only data in the tenant is yours and any database credentials are unique to your environment. This separation means there is no risk of data cross-contamination and, if you ever leave us, you can have peace of mind that your data can be easily sanitised.
xGRC® supports multifactor authentication using various OTP apps (e.g. Google Authenticator, Microsoft Authenticator, Okta Verify, etc.).
xGRC supports SAML 2.0 authentication for single sign-on (SSO).
Audit logging of all operations is built natively into the platform. Administrators can easily query the audit log from within the platform, or it can be fed to an external system such as a SIEM.
xGRC is hosted in ISO 27001:2013 and ISO 27017:2015 certified data centers. xGRC is in the process of achieving ISO 27001:2013 certification.