Data Security and Compliance
The Customer Cloud is architected with sound infosec principles. Nothing in the Customer Cloud is accessible to internal and external stakeholders, other than nominated IT users. It is architected with multiple layers of security.
Xerago deploys the Customer Cloud on a shared-nothing private cloud or on your servers, in both instances isolated from the internet.
All user sessions and Application to Private Cloud connections are secured via HTTPS using 2048-bit certificates with strong 256-bit encryption.
All data belonging to your Bank is stored entirely in your Private Cloud which is inaccessible via public Internet.
All Personally Identifiable Information is stored in a separate token vault.
All ports and servers are closed to the public Internet, with the exception of two HTTPS 443 ports.
Xerago uses Intrusion Detection System (IDS) sensors to detect and alert on unauthorized attempts at network access.
Xerago ensures that the risk and vulnerability management, incident response, mitigation, and resolution process is agile and precise.
Xerago identifies potential security vulnerabilities to improve the security of the Customer Cloud overall. Our security team also ensures that high risk vulnerabilities are addressed prior to each release.
Regulatory / Standards Compliance
Below is the list of certifications, standards and regulations that the platform complies with.
SOC2 – Type II
Xerago is SOC 2 Type II compliant. SOC 2 is an evaluation of the design and operating effectiveness of controls that meet the AICPA's Trust Services Principles of security, privacy, confidentiality, availability, and processing integrity.
The Gramm-Leach-Bliley Act requires financial institutions – companies that offer consumers financial products or services like loans, financial or investment advice, or insurance – to explain their information-sharing practices to their customers and to safeguard sensitive data.
OWASP (Open Web Application Security Project)
OWASP is an online community which creates freely-available articles, methodologies, documentation, tools, and technologies in the field of web application security. The Customer Cloud ensures implementation and monitoring of coding best practices outlined in the Open Web Application Security Project (OWASP) guidelines.
The CAN-SPAM Act, a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have you stop emailing them, and spells out tough penalties for violations.
The TCPA (the Telephone Consumer Protection Act of 1991) restricts telephone solicitations and limits the use of automatic dialing systems, artificial or prerecorded voice messages, SMS texts and fax machines, primarily to safeguard consumer privacy.
Customer Data Confidentiality
The approach and steps taken by Xerago help safeguard the security of the Customer Cloud and customer data. Banks can lessen their worries with the Customer Cloud, knowing that the integrity and security of their data is fully intact.