GOVERNANCE & TRUST

Security and Compliance at Our Core

Your data is safe with us. Here is how we ensure it.

CERTIFICATION

ISO 27001 Certified

Xephyr holds ISO 27001 certification — the international standard for information security management. This certification means our security controls, processes, and risk management practices have been independently audited and verified to meet the highest international standards.

For clients, this means you can engage with confidence. Our certification covers all aspects of how we handle your data — from collection and processing to storage and deletion. We undergo annual recertification audits to maintain our standing.


HOW WE PROTECT YOUR DATA

Our security practices

Data encryption

All client data is encrypted at rest (AES-256) and in transit (TLS 1.3). Encryption keys are managed via AWS KMS with automatic rotation.

Access controls

Least-privilege access by default. Role-based access controls applied to all systems. Access is audited quarterly and revoked immediately on offboarding.

Audit trails

Comprehensive audit logging for all data access and system changes. Logs are tamper-evident, retained for 12 months, and reviewed on a rolling basis.

Incident response

A documented incident response plan tested via tabletop exercises every six months. Clients are notified within 72 hours of any confirmed breach — in line with GDPR requirements.

Vulnerability management

Regular penetration testing by accredited third parties. Automated dependency scanning in CI/CD pipelines. Critical patches applied within 24 hours.

COMPLIANCE

Regulatory alignment

We operate in full compliance with GDPR for all client engagements involving EU personal data. Our data processing agreements are available on request and clearly define the roles of controller and processor, retention periods, and your rights as a data subject.

For clients in regulated industries — financial services, healthcare, public sector — we have experience navigating the specific requirements of FCA, ICO, and NHS Digital frameworks. We align our delivery approach to your regulatory context from the start of an engagement, not as an afterthought.

GET STARTED

Ready to Transform Your Data?

Book a call with our team to discuss how AI and data can drive results for your business.