0
Answered

Question about file security

mark 2 years ago updated by Anna Jaworska 2 years ago 4

I have a question about security and communication about security with clients. How do you all communicate to users about XTRF security? How does the file security compare to 3rd party services such as DropBox? We're not clear on how to articulate this to our clients and would love some insight from the XTRF team and other users.


Thanks.

Answer

Answer

I am not sure if I have a perfect answer to your question, but if you are using the cloud version of XTRF, they do have a very good ISO security certification. We recently used that and the security policy I believe to satisfy the requirement of one of our clients when audited for 3rd party services. They have ISO 9001:2009 and ISO 27001:2013: https://www.xtrf.eu/iso/

Follow up question...


If we are to come up with a statement for our clients regarding system security, is there information about the requirements of Polish Laws? We'd like to better understand what the risk levels and standards that XTRF is following is...


All data is classified and secured, based on its risk level, following the legal privacy and confidentiality requirements set by the Polish law. 
https://knowledgebase.xtrf.eu/display/XTRFHelp/Security+Policy
Answer

I am not sure if I have a perfect answer to your question, but if you are using the cloud version of XTRF, they do have a very good ISO security certification. We recently used that and the security policy I believe to satisfy the requirement of one of our clients when audited for 3rd party services. They have ISO 9001:2009 and ISO 27001:2013: https://www.xtrf.eu/iso/

That is helpful and I am using the cloud version. Thanks!


It seems at minimum we can say that our client management system is ISO 9001 certified. That's a good place to start.