We are committed to maintaining the security of your data. To help ensure security, we have developed xGRC® to be secure by design, incorporating best practice security features directly into the product.
All data is encrypted in transit using TLS and at rest using Transparent Data Encryption (TDE).
In addition, encryption of specific data (such as the documents and risks) is available. This data can be encrypted using a unique encryption key for each customer managed by either our or a your key management server (KMS).
xGRC supports multifactor authentication using various OTP apps (e.g. Google Authenticator, Microsoft Authenticator, Okta Verify, etc.).
xGRC supports SAML2.0 authentication for single sign-on (SSO)
Audit logging of all operations are built-in natively to the platform. Administrators can easily query the audit log from within platform.
xGRC is hosted in ISO27001:2013 and ISO:27017:2015 certified data centers. xGRC is in the process of achieving ISO27001:2013 certification.