Trust Center


NIS2


Xelion and the Cybersecurity Act
 

Xelion belongs to the category of “significant” entities. Back in 2021, we started taking measures against information security risks by adopting an ISO 27001-certified Information Security Management System (ISMS).

Key components of the ISMS include conducting risk assessments, vendor reviews, continuous awareness training, PEN testing, vulnerability management and having a mature incident logging and response process. These components are also a large part of the foundation of the Cybersecurity Act, most of which Xelion already complies with. Nevertheless, we are working hard to be fully compliant with the Cybersecurity Act well before it becomes legislation.

Are you a customer, partner or vendor and do you have any questions or
comments regarding this? Do not hesitate to let us know so we can help or
provide you with more information.


Business Continuity


Being prepared for all imaginable risks
 

The continuity of our service is critical. If a customer cannot make or receive calls due to a technical problem, there are major consequences. In addition to technical risks, there are also organizational risks. Whether technical or strategic, we have identified the risks and prepared roadmaps for when any of them becomes reality. These risks are not only documented on paper; we also run simulations of conceivable and unthinkable scenarios to confirm that continuity is guaranteed.

Security and Awareness

Awareness

No security without awareness

Our awareness training goes far beyond simply locking your PC, avoiding USB sticks and using strong passwords with multi-factor authentication (MFA). We regularly “hack” ourselves to demonstrate what risks may exist within our organization and products. In addition to education about potential risks, we use an e-learning program. Based on a gap analysis, we know exactly where our knowledge is sufficient and where additional attention is needed.
This e-learning program contains modules that are interesting for every department. Consider, for example, detecting phishing and deepfakes for our support departments.

Phishing Simulation

Recognizing fake emails

Phishing remains a major cause of data breaches. Despite measures such as detection and alerting, phishing remains a challenge for any organization. That is why we regularly conduct phishing simulations to make employees aware of the dangers.

Password Policy

Policies are nice, but measures are better

There is a strict password policy within Xelion. All employees and systems must comply with this policy. We also expect our suppliers to adhere to our policies. However, a policy alone does not offer guarantees. Therefore, we incorporate technological measures to prevent the use of insecure passwords.

Secret Share

Encrypted information transfer

Sending sensitive information, such as access data, should never be done unencrypted. For such data, we use our Secret Share tool, where data has a shelf life between 5 minutes and 1 week. The data can be destroyed after being read once and can be protected with an additional password. Our Secret Share tool is also available to remote users via secretshare.xelion.com.

Authentication

We protect your valuable communications data

Xelion uses a management tool to manage multiple servers and tenants. This tool provides access to your client's environment or your own environment. In addition to a strong password, two-factor authentication (2FA) is required to log into the management tool. We register exactly who logged in, from where and when. Our mobile apps also require a second factor to log in securely. In addition, we offer an OpenID link for Microsoft Entra ID if you want to set up 2FA through Microsoft 365.

Vulnerability Management

Daily vulnerability scanning

We scan our most important assets daily for vulnerabilities. As soon as vulnerabilities are found, we are informed instantly and take the necessary measures to reduce risks.

Bug Bounty Program

Appreciation for found vulnerabilities

Based on Responsible Disclosure, we have a small-scale Bug Bounty program. This allows ethical hackers to report vulnerabilities to us. An appropriate reward is awarded based on opportunity and impact.

PEN Testing

Digital hacking for the advanced

We regularly conduct PEN tests to identify vulnerabilities in products or services. These tests confirm our security-by-default and privacy-by-default methods. We encourage customers and partners to also perform PEN tests amongst themselves. However, this should be done in consultation so that we can facilitate where necessary.

Privacy in Xelion

Privacy Statement
Do what you say, and say what you do

Xelion processes a lot of data through different media, such as our website, mobile apps and desktop apps. In our privacy statement, we transparently explain which data we process and the purpose of this. As new features are added to our products, we update our privacy statement accordingly so that you know exactly what privacy-sensitive data we process.

AVG / GDPR
General Data Protection Regulation

Xelion strictly adheres to the AVG. We provide transparent information about data processing and its basis, and we comply with the rights of data subjects. We take technical and organizational measures to limit risks, such as risk analyses and privacy training for our employees.

Certifications

Xelion has a NEN- and ISO 27001-certified Information Security Management System (ISMS). In our Statement of Applicability, we indicate which risks we are mitigating and with which measures.

Incident Management
Risk Management
Internal Audits
Asset Management

Security Officer

Do you have questions or comments about our technological measures, privacy or
other security-related topics? Feel free to contact us!

E-mail: securityofficer@xelion.com
Telephone / WhatsApp: +31 152 511 411