Xref Limited (ASX:XF1), the human resources technology company, today announced it has obtained ISO 27001 certification and released details of a range of new security features that have been incorporated into its market-leading platform.
Following two rigorous years of development and compliance, Xref is delighted to have secured ISO 27001 certification. The certification process included an independent audit of the Company, to confirm that it operates within the requirements of the standard. Obtaining it demonstrates best practice for an information security management system and validates the Company's platform security.
Xref’s clients, candidates and referees demand data security, privacy and accessibility in line with increasing and evolving security expectations, and compliance with regulations, such as the European Union’s General Data Protection Regulation (GDPR), Australia’s Privacy Act and Canada’s Personal Information and Electronic Documents Act (PIPEDA). The Company’s ability to meet and exceed these requirements is a powerful differentiator.
The Xref candidate referencing platform was created to prevent fraud, discrimination and privacy breaches by automating a time-consuming manual process with an online solution. Ongoing investment and platform development has enabled the Company to meet the highest security and data protection standards, meaning the data of its clients, as well as thousands of candidates and referees, remains safe. This certification supports Xref’s strategy to be a global leader in candidate information management.
While every organisation is now prioritising data security, more than 50% of Xref clients are enterprises that operate under extended security policies and require their technology suppliers to offer the measures that align with those requirements. Following the release of the latest security updates, Xref’s platform now includes:
Two-factor authentication (2FA): this extended verification approach is becoming commonplace in enterprise workplaces, clients now have the opportunity to add 2FA to their Xref account to verify the identity of every user attempting to access it.
With multiple individual users across one account, it is important to ensure that only those who are current and appropriate are given access. Xref now enables account administrators to manage this with measures such as an inactive user alert, making them aware of users that have not logged in for an extended period of time and should potentially be deactivated.
Enterprise organisations globally are increasing the number and scope of their security measures. Xref ensures that the security of their. Xref account aligns with these requirements by enabling organisations to customise their access requirements, which may include complex password criteria, 2FA (as above), and automatic logout capabilities.
While the Xref process is typically managed and driven by HR and recruitment professionals, clients also often want to share final reference reports with relevant line managers. Xref has introduced measures to enable this, securely, by creating rules that allow reports to be sent only to those defined as appropriate by account administrators, and automatically updating the log file when a line manager opens a report.
As organisations become more accustomed to using cloud-based technologies, some are seeking to limit the use of their solutions to a defined geographic region. Xref is enabling these restrictions by allowing the introduction of IP and location-based access policies to accounts.
As a result of the introduction of the GDPR, many European organisations now require all data storage and handling to be conducted in Europe. Xref has recently introduced regional data centres to host European data locally.
Xref now allows account administrations to monitor every action taken by every user of their Xref account. This creates an audit trail of all account activity and usage and ensures organisations have a clear view of the handling and management of any data securely stored on their Xref account.
Investor and media enquiries:
Ashley Rambukwella, FCR
Tel: +61 (0)2 8264 1004 / +61 (0)407 231 282
a.rambukwella@fcr.com.au
“Xref’s platform has been built for highly scalable, global enterprises that demand extensive security capabilities. Our technology enables clients to control account data and manage access effectively, meeting stringent security audit processes. We are investing in our platform and remain confident about maintaining the highest levels of security around the world.”
Executive director / CEO Lee-Martin Seymour
“We designed Xref to comply with data privacy needs from the outset and we hold ourselves to a very high standard. Our control over critical information assets helps provide confidence for our clients that their data is protected. ISO 27001 certification is awarded only to those that meet the highest global standard for information security. Obtaining this certification puts us in a much stronger position to sell to large enterprise clients with advanced security requirements. With today’s heightened scrutiny of privacy and data breaches, we have demonstrated that we are at the forefront of the market and prioritising security."
Executive director / CTO Tim Griffiths
“ISO 27001 certification demonstrates the benefits of strategic decisions taken more than two years ago. Xref has always sought to meet best practice and now has the highest quality systems and procedures in place to meet security challenges. This ensures longevity for Xref’s market leadership.”
Chairman Brad Rosser
For all media enquiries: media@xref.com