Security at Xero
Xero takes a defence-in-depth approach to protecting our systems and your data. Learn more about security at Xero.
ISO 27001 security standard compliance
Xero is certified as compliant with ISO/IEC ISO27001:2022, the premier global information security management system (ISMS) standard.
Log in to download the ISO 27001 certificateSOC 2 security assurance audits
Xero produces Service Organization Control (SOC 2) reports based on independent audits of Xero’s cloud-based accounting system.
Log in to download the latest SOC 2 reportRequest security assurance reports
If you don’t have a Xero login, you can request the latest available ISO 27001 certificate or SOC 2 report by completing a request form.
Request security reportsPCI DSS v4.0, SAQ A compliance
We comply with the Payment Card Industry Data Security Standard. We're a level 2 merchant & outsource card processing to level 1 providers.
Multiple layers of protection for data
We provide multiple layers of protection for the information you trust to Xero, including encryption when it’s transferred and stored.
Data protection at XeroMulti-factor authentication for access
Multi-factor authentication (MFA) is designed to prevent anyone but you from accessing your Xero account, even if they know your password.
How MFA worksRobust network and data centre security
Security controls protect access to and within our environment, including firewalls, intrusion protection systems and network segregation.
Best-in-class availability
Multiple redundancy technologies for our hardware, networks and infrastructure help to keep Xero running if any component fails.
Your online safety
We design security into Xero from the ground up, but you can take additional precautions to help keep you safe online.
Keeping your Xero account safe
If you have questions about security or notice any unusual activity related to Xero, visit Xero Central.
Phishing and malicious emails
If you suspect you received a phishing email and it says it’s from Xero, don’t click on anything in the email.
Xero security noticeboard
Find updates on Xero’s security noticeboard about known phishing and other scams targeting our community.
Check out the security noticeboard
Start using Xero for free
Access Xero features for 30 days, then decide which plan best suits your business.