Statement of Applicability
At XRTech, we are committed to providing secure and reliable software-as-a-service solutions to our customers. To ensure the confidentiality, integrity, and availability of our services, we have implemented a comprehensive information security management system (ISMS) that is aligned with the ISO/IEC 27001:2013 standard.
The scope of our ISMS includes the following areas:
- Infrastructure Security: We have implemented robust security measures to protect our infrastructure, including firewalls, intrusion detection and prevention systems, and regular vulnerability scans and penetration testing.
- Access Control: We maintain strict access controls to ensure that only authorized personnel can access our systems and data. Our access controls include strong authentication mechanisms, role-based access control, and regular access reviews.
- Data Protection: We employ industry-standard encryption and hashing algorithms to protect customer data both in transit and at rest. We have also implemented policies and procedures to ensure the secure handling and disposal of customer data.
- Incident Management: We have a documented incident response plan and procedures to quickly detect, respond to, and recover from security incidents.
- Business Continuity: We have developed and tested a business continuity plan to ensure the continuity of our services in the event of a disruption.
- Compliance: We are committed to complying with applicable laws, regulations, and contractual obligations. We regularly review and update our policies and procedures to ensure compliance.
We conduct regular internal audits and risk assessments to ensure the effectiveness of our ISMS and identify opportunities for improvement. We also engage third-party auditors to perform independent audits of our ISMS and provide objective feedback.
This statement of applicability is reviewed and updated annually to ensure that it remains relevant and reflects our current security posture. We are committed to continually improving our ISMS to meet the evolving needs of our customers and the changing threat landscape.