THE SERVICE PLATFORM YOU CAN TRUST
Xaana delivers the highest security and privacy measures, to keep your data safe.
Security, privacy and compliance are the foundations of our platform.
Security has and will always be our top priority at Xaana. All our employees undergo mandatory security, compliance, and privacy training as part of their induction process.
Even though each individual's involvement may vary depending on their role, security is at the heart of everything we do at Xaana.
We recommend that customers use multifactor authentication (MFA). Xaana allows customers to bring in their own MFA provider that is backed by the TOTP (time-based one-time passcode) algorithm. With this setup, customers can easily integrate MFA providers with Xaana's login. Xaana also allows end users of customers to receive a one-time passcode delivered via an email-to-SMS gateway mechanism.
If someone leaves their console open or multiple users access Xaana from the same device, organizations that use SAML as an authentication type can secure against unauthorized access by identifying critical items within Xaana. This allows customers to force a secondary authentication factor that users must enter to access those items.
Xaana Native Login
For customers who wish to use our native login, Workday only stores our Workday password in the form of a secure hash as opposed to the password itself. Unsuccessful login attempts are logged as well as successful login/logout activity for audit purposes. Inactive user sessions are automatically timed out after a specified time, which is customer configurable by user.
Our data centres adhere to the strictest physical security measures including, but not limited to, the following:
Multiple layers of authentication for server area access
Camera surveillance systems at key internal and external entry points
24/7 monitoring by security personnel
Xaana has established detailed operating policies, procedures, and processes designed to help manage the overall quality and integrity of the Xaana environment.
Network IPSs monitor critical network segments for atypical network patterns in the customer environment as well as traffic between tiers and service.
Xaana has implemented an enterprise Secure Software Development Life Cycle (SDLC) to help ensure the continued security of Xaana applications.
Best-in-class RPA security
Xaana delivers Robotic Process Automation (RPA) engineered with built-in security to help you meet the most rigorous governance, compliance, trust and requirements.
Xaana.AI is committed to providing quality services to you and this policy outlines our ongoing obligations to you in respect of how we manage your Personal Information.
We have adopted the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (the Privacy Act).
The NPPs govern the way in which we collect, use, disclose, store, secure and dispose of your Personal Information.
What is personal information?
Personal Information is information or an opinion that identifies an individual. Examples of Personal Information we collect include: names, addresses, email addresses, phone and facsimile numbers.
This Personal Information is obtained in many ways including correspondence, by telephone and facsimile, by email, via our website www.xaana.com.au, from your website, from media and publications, from other publicly available sources, from cookies- delete all that aren’t applicable] and from third parties.
We don’t guarantee website links or policy of authorised third parties.
Why do we collect personal information?
We collect your Personal Information for the primary purpose of providing our services to you, providing information to our clients and marketing. We may also use your Personal Information for secondary purposes closely related to the primary purpose, in circumstances where you would reasonably expect such use or disclosure. You may unsubscribe from our mailing/marketing lists at any time by contacting us in writing.
When we collect Personal Information we will, where appropriate and where possible, explain to you why we are collecting the information and how we plan to use it.
Disclosure of personal information
Your Personal Information may be disclosed in a number of circumstances including the following:
• Third parties where you consent to the use or disclosure; and
• Where required or authorised by law.
Access to your personal information
You may access the Personal Information we hold about you and to update and/or correct it, subject to certain exceptions. If you wish to access your Personal Information, please contact us in writing.
Qantum technology will not charge any fee for your access request, but may charge an administrative fee for providing a copy of your Personal Information.
In order to protect your Personal Information we may require identification from you before releasing the requested information.
Security of personal information
Your Personal Information is stored in a manner that reasonably protects it from misuse and loss and from unauthorized access, modification or disclosure.
When your Personal Information is no longer needed for the purpose for which it was obtained, we will take reasonable steps to destroy or permanently de-identify your Personal Information.
However, most of the Personal Information is or will be stored in client files which will be kept by us for a minimum of 7 years.
Maintaining the quality of your personal information
It is an important to us that your Personal Information is up to date. We will take reasonable steps to make sure that your Personal Information is accurate, complete and up-to-date.
If you find that the information we have is not up to date or is inaccurate, please advise us as soon as practicable so we can update our records and ensure we can continue to provide quality services to you.
Sensitive information is defined in the Privacy Act to include information or opinion about such things as an individual's racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or health information.
Sensitive information will be used by us only:
• For the primary purpose for which it was obtained
• For a secondary purpose that is directly related to the primary purpose
• With your consent; or where required or authorised by law.
Where reasonable and practicable to do so, we will collect your Personal Information only from you.
However, in some circumstances we may be provided with information by third parties. In such a case we will take reasonable steps to ensure that you are made aware of the information provided to us by the third party.
This Policy may change from time to time and is available on our website.
Certifications & accreditations
As cyber attacks continue to rise and plague organisations, having the knowledge that your data security is being taken care of by a trusted partner is essential. This gives you the ability to focus your time and resources on your core business.
Xaana acquired the ISMS certification in 2022 to follow international best practice to mitigate threats and create a global policy framework which allows us to include security as part of the design process.
SOC 1 & 2 Audit Complete
We are proud to announce that we completed our SOC 2, Type 1 Audit and are compliant with AICPA's Trust Service Criteria for Managed Service Providers. This means that our systems have the highest levels of security in place to protect your company's private and sensitive data.
With the growing risks of cyber security attacks, it's essential you choose an Information Technology Partner you can trust. We conducted the SOC Audit to reinforce that we provide the best IT services in Australia and will continue to do whatever it takes to keep our partners' trust.
Incident Response Plan
The aim of this SIRP is to prevent cyber security incidents from escalating, restore any impacted information or services, preserve any evidence and prevent further impact to government through effective reporting.
Key Management Plan
This standard applies to Xaana applications and associated systems, and cloud service providers systems which are using cryptography as a means to protect data in transit and at rest.
ICT Security Framework
The purpose of this document is to establish and communicate Xaana expectations for information security within the organisation and to ensure the security of sensitive information.
Patch Management Guide
The document specifies the Security Patch Management Capability Plan and Security patch management process and procedures in place for Xaana’s proprietor connector ENSO™.