Xref achieves ISO 27001 global standard on data security

  • ISO 27001 further validates platform security, data privacy and accessibility
  • World-leading certification obtained only by organisations with the highest security standards
  • Supports Xref’s strategy to be a global leader in secure information management
  • Extends Xref’s total addressable market to include enterprises requiring suppliers to be ISO 27001 certified

Xref Limited (ASX:XF1), the human resources technology company, today announced it has obtained ISO 27001 certification and released details of a range of new security features that have been incorporated into its market-leading platform.

Following two rigorous years of development and compliance, Xref is delighted to have secured ISO 27001 certification. The certification process included an independent audit of the Company, to confirm that it operates within the requirements of the standard. Obtaining it demonstrates best practice for an information security management system and validates the Company's platform security.

Xref’s clients, candidates and referees demand data security, privacy and accessibility in line with increasing and evolving security expectations, and compliance with regulations, such as the European Union’s General Data Protection Regulation (GDPR), Australia’s Privacy Act and Canada’s Personal Information and Electronic Documents Act (PIPEDA). The Company’s ability to meet and exceed these requirements is a powerful differentiator.

The Xref candidate referencing platform was created to prevent fraud, discrimination and privacy breaches by automating a time-consuming manual process with an online solution. Ongoing investment and platform development has enabled the Company to meet the highest security and data protection standards, meaning the data of its clients, as well as thousands of candidates and referees, remains safe. This certification supports Xref’s strategy to be a global leader in candidate information management.

New updates further strengthen Xref’s security features

While every organisation is now prioritising data security, more than 50% of Xref clients are enterprises that operate under extended security policies and require their technology suppliers to offer the measures that align with those requirements. Following the release of the latest security updates, Xref’s platform now includes:

Two-factor authentication (2FA): this extended verification approach is becoming commonplace in enterprise workplaces, clients now have the opportunity to add 2FA to their Xref account to verify the identity of every user attempting to access it.

  • Extended user management

With multiple individual users across one account, it is important to ensure that only those who are current and appropriate are given access. Xref now enables account administrators to manage this with measures such as an inactive user alert, making them aware of users that have not logged in for an extended period of time and should potentially be deactivated.

  • Advanced password and security policy alignment

Enterprise organisations globally are increasing the number and scope of their security measures. Xref ensures that the security of their. Xref account aligns with these requirements by enabling organisations to customise their access requirements, which may include complex password criteria, 2FA (as above), and automatic logout capabilities.

  • Data sharing and tracking

While the Xref process is typically managed and driven by HR and recruitment professionals, clients also often want to share final reference reports with relevant line managers. Xref has introduced measures to enable this, securely, by creating rules that allow reports to be sent only to those defined as appropriate by account administrators, and automatically updating the log file when a line manager opens a report.

  • Location-based access restrictions

As organisations become more accustomed to using cloud-based technologies, some are seeking to limit the use of their solutions to a defined geographic region. Xref is enabling these restrictions by allowing the introduction of IP and location-based access policies to accounts.

  • Regionalised data storage

As a result of the introduction of the GDPR, many European organisations now require all data storage and handling to be conducted in Europe. Xref has recently introduced regional data centres to host European data locally.

  • Extended security log function

Xref now allows account administrations to monitor every action taken by every user of their Xref account. This creates an audit trail of all account activity and usage and ensures organisations have a clear view of the handling and management of any data securely stored on their Xref account.

Investor and media enquiries:

Ashley Rambukwella, FCR

Tel: +61 (0)2 8264 1004 / +61 (0)407 231 282


Lee Martin Seymour

“Xref’s platform has been built for highly scalable, global enterprises that demand extensive security capabilities. Our technology enables clients to control account data and manage access effectively, meeting stringent security audit processes. We are investing in our platform and remain confident about maintaining the highest levels of security around the world.”

Executive director / CEO Lee-Martin Seymour

Tim Griffiths

“We designed Xref to comply with data privacy needs from the outset and we hold ourselves to a very high standard. Our control over critical information assets helps provide confidence for our clients that their data is protected. ISO 27001 certification is awarded only to those that meet the highest global standard for information security. Obtaining this certification puts us in a much stronger position to sell to large enterprise clients with advanced security requirements. With today’s heightened scrutiny of privacy and data breaches, we have demonstrated that we are at the forefront of the market and prioritising security."

Executive director / CTO Tim Griffiths

Brad Rosser

“​ISO 27001 certification demonstrates the benefits of strategic decisions taken more than two years ago. Xref has always sought to meet best practice and now has the highest quality systems and procedures in place to meet security challenges. This ensures longevity for Xref’s market leadership.”

Chairman Brad Rosser

You may also be interested in:

  1. Xref Secures New Debt Facility
  2. Xref and PageUp Announce Integration Launch
  3. Xref Announces Notable New Client Wins Across All Sales Channels

Find out why thousands of businesses globally trust Xref to help them hire. Book a free demo today.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.