Security at Xero

Xero takes a defence-in-depth approach to protecting our systems and your data. Learn more about security at Xero.

A small business owner reads about the steps Xero has taken to protect its systems and data.

ISO 27001 security standard compliance

Xero is certified as compliant with ISO/IEC 27001:2013, the premier global information security management system (ISMS) standard.

Log in to download the ISO 27001 certificate
A logo that says ‘Certified on ISO/IEC 27001:2013 by EY CertifyPoint’ with certificate no. 2018 -020.

SOC 2 security assurance audits

Xero produces Service Organization Control (SOC 2) reports based on independent audits of Xero’s cloud-based accounting system.

Log in to download the latest report
The AICPA SOC Service Organizations badge.

Request security assurance reports

If you don’t have a Xero login, you can request the latest available ISO 27001 certificate or SOC 2 report by completing a request form.

Request security reports
The cover of Xero’s SOC 2 report.

PCI DSS v3.2, SAQ A compliance

We comply with the Payment Card Industry Data Security Standard. We're a level 3 merchant & outsource card processing to level 1 providers.

The logo of the PCI Security Standards Council.

Multiple layers of protection for data

We provide multiple layers of protection for the information you trust to Xero, including encryption when it’s transferred and stored.

Learn more about data protection
A small business owner accesses their Xero account on their phone and laptop knowing their data is protected.

Multi-factor authentication for access

Multi-factor authentication (MFA) is designed to prevent anyone but you from accessing your Xero account, even if they know your password.

Find out how MFA works
A login screen and a padlock represent how MFA prevents anyone but you from accessing your Xero account.

Robust network and data centre security

Security controls protect access to and within our environment, including firewalls, intrusion protection systems and network segregation.

Criss-crossed lines around a laptop showing the Xero dashboard signify Xero’s robust network security controls.

Best-in-class availability

Multiple redundancy technologies for our hardware, networks and infrastructure help to keep Xero running if any component fails.

A small business owner uses Xero knowing it will always be available when they need it.

Start using Xero for free

Access all Xero features for 30 days, then decide which plan best suits your business.

  • Included
    Safe and secure
  • Included
    Cancel any time
  • Included
    24/7 online support