Security at Xero
Xero takes a defence-in-depth approach to protecting our systems and your data. Learn more about security at Xero.
ISO 27001 security standard compliance
Xero is certified as compliant with ISO/IEC 27001:2013, the premier global information security management system (ISMS) standard.Log in to download the ISO 27001 certificate
SOC 2 security assurance audits
Xero produces Service Organization Control (SOC 2) reports based on independent audits of Xero’s cloud-based accounting system.Log in to download the latest report
Request security assurance reports
If you don’t have a Xero login, you can request the latest available ISO 27001 certificate or SOC 2 report by completing a request form.Request security reports
PCI DSS v3.2, SAQ A compliance
We comply with the Payment Card Industry Data Security Standard. We're a level 3 merchant & outsource card processing to level 1 providers.
Multiple layers of protection for data
We provide multiple layers of protection for the information you trust to Xero, including encryption when it’s transferred and stored.Learn more about data protection
Multi-factor authentication for access
Multi-factor authentication (MFA) is designed to prevent anyone but you from accessing your Xero account, even if they know your password.Find out how MFA works
Robust network and data centre security
Security controls protect access to and within our environment, including firewalls, intrusion protection systems and network segregation.
Multiple redundancy technologies for our hardware, networks and infrastructure help to keep Xero running if any component fails.
Start using Xero for free
Access all Xero features for 30 days, then decide which plan best suits your business.
- Safe and secure
- Cancel any time
- 24/7 online support