Xoralia Information Security FAQs
Where is Xoralia's data hosted?
Xoralia is hosted entirely on Microsoft Azure cloud infrastructure, ensuring enterprise-grade security, scalability, and compliance. All customer data resides within your selected data center regions. Xoralia operates data centres in various locations giving good world coverage.
How does Xoralia authenticate users?
Xoralia integrates with Microsoft Entra ID (formerly Azure Active Directory) for authentication, supporting Single Sign-On (SSO), Multi-Factor Authentication (MFA), and all advanced identity management features including Conditional Access.
Is our data encrypted?
Yes. All data handled by Xoralia is encrypted in transit using TLS 1.2+ and at rest using AES-256 encryption standards.
Who has access to our data?
Access to customer data is strictly limited to authorised Xoralia personnel under the principle of least privilege. All administrative access is logged, monitored, and regularly audited.
How does Xoralia protect against data breaches?
Xoralia applies a defense-in-depth strategy, including regular penetration testing, continuous security monitoring, and incident response protocols. We also maintain active threat detection through Microsoft’s security services.
Does Xoralia support compliance with standards like GDPR and ISO 27001?
Yes. Xoralia supports customers’ compliance with GDPR, UK GDPR, and other global privacy regulations. Our hosting infrastructure (Microsoft Azure) is certified against standards such as ISO 27001, SOC 2, and HIPAA.
How is customer data backed up and recovered?
Xoralia performs automated daily backups of customer data with secure, geographically redundant storage. Disaster Recovery (DR) plans are tested regularly to ensure rapid data restoration in the unlikely event of a system failure.
Can Xoralia integrate with our internal security tools or SIEM solutions?
Yes. Xoralia provides audit logs and supports integration with Microsoft Sentinel and other SIEM platforms to help organisations centralise their security event monitoring.
What happens to our data if we stop using Xoralia?
Upon contract termination, customer data is securely retained for a defined period (as per contract terms, usually 60 days) before being permanently deleted in accordance with GDPR and industry best practices. Customers may also request immediate data export and deletion.
Does Xoralia monitor and update its security practices?
Absolutely. Security is a continuous process at Xoralia. We regularly review and update our practices, conduct vulnerability assessments, and stay aligned with evolving cybersecurity standards and regulatory requirements.
