Security at Xero

Xero takes a defence-in-depth approach to protecting our systems and your data. Learn more about security at Xero.

Try Xero for free
A person using a laptop.

ISO 27001 security standard compliance

Xero is certified as compliant with ISO/IEC ISO27001:2022, the premier global information security management system (ISMS) standard.

Log in to download the ISO 27001 certificate
A logo that says ‘Certified against ISO/IEC 27001:2022 by EY CertifyPoint. Certificate no. 2018-020.’

SOC 2 security assurance audits

Xero produces Service Organization Control (SOC 2) reports based on independent audits of Xero’s cloud-based accounting system.

Log in to download the latest SOC 2 report
The AICPA SOC Service Organizations badge.

Request security assurance reports

If you don’t have a Xero login, you can request the latest available ISO 27001 certificate or SOC 2 report by completing a request form.

Request security reports
The cover of Xero’s SOC 2 report.

PCI DSS v4.0, SAQ A compliance

We comply with the Payment Card Industry Data Security Standard. We're a level 2 merchant & outsource card processing to level 1 providers.

PCI Security Standards Council logo

Multiple layers of protection for data

We provide multiple layers of protection for the information you trust to Xero, including encryption when it’s transferred and stored.

Data protection at Xero
A circular flow chart shows a mobile device, a laptop, and a confirming thumbs up.

Multi-factor authentication for access

Multi-factor authentication (MFA) is designed to prevent anyone but you from accessing your Xero account, even if they know your password.

How MFA works
A login screen and a padlock.

Robust network and data centre security

Security controls protect access to and within our environment, including firewalls, intrusion protection systems and network segregation.

Criss-crossed security camera beams around a laptop showing the Xero dashboard.

Best-in-class availability

Multiple redundancy technologies for our hardware, networks and infrastructure help to keep Xero running if any component fails.

A person using a laptop, with a graphic of a lightbulb.

Vulnerability Disclosure Program

Xero's VDP helps ensure security issues are constantly reported and resolved securely.

More on Xero’s VDP
A hooded figure using a laptop, surrounded by icons like a locked folder, email, password, and credit card

Your online safety

We design security into Xero from the ground up, but you can take additional precautions to help keep you safe online.

Keeping your Xero account safe

If you have questions about security or notice any unusual activity related to Xero, visit Xero Central.

Read support articles about security on Xero Central

Phishing and malicious emails

If you suspect you received a phishing email and it says it’s from Xero, don’t click on anything in the email.

Report by forwarding the email to phishing@xero.com

Xero security noticeboard

Find updates on Xero’s security noticeboard about known phishing and other scams targeting our community.

Check out the security noticeboard

Start using Xero for free

Access Xero features for 30 days, then decide which plan best suits your business.