Security & Trust Center
A translation platform you can trust with your data
If you are looking for our certifications, legal documents and compliance-related documents, you have come to the right place. On this page, you can access our contract terms, SLAs, SCCs, DPAs and everything compliance and security related.
Compliance Certifications
Key Documents
Subscription Agreement Terms
Definitions Schedule
Acceptable Use Policy
Service Level Agreement
Privacy & Cookie Policy
GDPR Compliance Statement
Data Processing Addendum
UK GDPR Addendum
Standard Contractual Clauses Controller to Processor
Standard Contractual Clauses Processor to Processor
HIPAA Privacy Policy
XTM Group Security Program and Policy
Our Approach
- Encryption
We encrypt all traffic in transit with TLS 1.2/1.3. If you use our Private Cloud solution, your data at rest is encrypted using Amazon EBS encryption with the AES-256 algorithm. Passwords are stored using modern hashes.
- Backups
Backups are performed daily and are encrypted at rest. AWS snapshots are performed every 2 hours (3 consecutive versions stored) and every 24 hours (12 versions stored).
- Disaster Recovery/Business Continuity
We have formally defined a DR/BC Plan that is tested on an annual basis.
- IDS/IPS
We constantly monitor our servers by logging and analyzing all relevant activities to ensure the security of our services.
- MFA / SSO support
XTM offers multiple secure authentication and authorization options, such as: Customer-configurable password requirements, MFA, Single Sign On (SSO), LDAP, Active Directory, and Azure AD.
- Role Based Access Control
XTM is a role-based system that allows users to define their permissions based on their roles and the rights you grant them.
- Penetration tests
An independent third-party penetration-testing specialist company carries out annual testing of the XTM application. Penetration testing includes, but is not limited to, the OWASP Top 10 Vulnerabilities. Each new version of XTM undergoes internal penetration testing as part of the latest release.
- SDLC with security focus
We are committed to assessing risk during the entire Software Development Life Cycle including design, implementation, deployment, and maintenance stages.
- Firewall
Firewall rules are used to restrict unauthorized traffic. We follow the NIST’s “Guidelines on Firewalls and Firewall Policy”.
- MFA
Access to our systems is only possible with MFA.
- Security monitoring
We actively monitor activities on our systems and perform automated or manual prevention actions if required. We use centralized logging and monitoring systems and an IDS/IPS solution.
- Vulnerability scans
We perform regular vulnerability scans of our systems, libraries and software by using industry leading solutions.
- Segregation of Duties
We implement a Segregation of Duties (SoD) approach to sustainable risk management and internal controls for a business. The principle of SoD is based on shared responsibilities of a key process that disperses the critical functions of that process to more than one person or department.
- Security Awareness Training
XTM conducts security awareness training for all employees on a regular basis. We provide assessments to measure awareness levels in the company. Simulated phishing attacks are part of the training program.
- Risk Assessment Committee
XTM has a formal Risk Assessment Committee that meets once a month and proactively acts to identify and mitigate possible risks.
- Principle of Least Privilege
The Principle of Least Privilege (PoLP) is used within XTM International, limiting access rights for users to the bare minimum required to fulfill their function.
- Disk Encryption
All workstations and laptops have disk encryption enabled by default.
- Endpoint protection software
The virus database of our endpoint protection software is updated daily, and the software blocks all suspicious activities.
- Centralized management
Our endpoints are centrally managed, which ensures compliance with our policies and standards.
- Software whitelisting
We implement software whitelisting that restricts the usage of unapproved applications.
Customer testimonials
Security is at the core of our business, which is why we manage risk with the most up-to-date approach in the constantly changing world of information security.
As an international business, we take compliance issues very seriously and we strive on a daily basis to exceed regulatory requirements.