Security
Our approach to security focuses on a combination of security, governance, risk management, and compliance.
Oxley Security Certifications and Policies
At Oxley, protecting our customers’ information and privacy is vitally important to us. As a cloud-based company, entrusted with some of our customers’ most sensitive and valuable data, we’ve set extremely high standards for security. We host our applications in datacenters that have received security certifications from the American Institute of Certified Public Accountants such as SOC 1 and SOC 2, Type II.
Our approach to security focuses on a combination of security governance, risk management, and, of course, compliance. This includes encryption of all data, both at rest (LUKS) and in transit (SSL), as well as network security and server hardening, administrative access control, system monitoring, logging and alerting, and more.
We host our applications and databases in several US-based data centers that are:
GDPR-compliant
SOC 1 & 2 Type II certified
ISO/IEC 27001:2013 certified
EU-U.S. and Swiss-U.S. Privacy Shield certified
We employ a network-based, stateful firewall, which blocks all traffic not expressly permitted via rules.
We allow no traffic from outside of the private network to access the databases, and within the network, traffic is limited to whitelisted IP addresses.
Network load balancing decouples the overall health of our backend services from the health of a single server.
All data is stored in a managed database cluster, with daily backups of the entire cluster.
More Information
To request any of the reports or certificates listed above, or if you have any other compliance-related questions, please contact our Customer Support team.