ISO 27001 security standard compliance
Xero is certified as compliant with ISO/IEC 27001:2013, the premier global information security management system (ISMS) standard.Log in to download the ISO 27001 certificate
SOC 2 security assurance audits
Xero produces Service Organization Control (SOC 2) reports based on independent audits of Xero’s cloud-based accounting system.Log in to download the latest SOC 2 report
PCI DSS v3.2, SAQ A compliance
We comply with the Payment Card Industry Data Security Standard. We're a level 3 merchant & outsource card processing to level 1 providers.
Robust network and data centre security
Security controls protect access to and within our environment, including firewalls, intrusion protection systems and network segregation.
Multiple redundancy technologies for our hardware, networks and infrastructure help to keep Xero running if any component fails.
Your online safety
We design security into Xero from the ground up, but you can take additional precautions to help keep you safe online.
Keeping your Xero account safe
If you have questions about security or notice any unusual activity related to Xero, visit Xero Central.
Phishing and malicious emails
If you suspect you received a phishing email and it says it’s from Xero, don’t click on anything in the email.