We use cookies to give you the most personalized experience possible on our website, and to collect information about how visitors use our site. If you continue without changing your settings, we’ll assume that you’re ok with receiving cookies from the XMedius website. You can disable cookies in your browser settings at any time, but please note that parts of the site will not work properly if you disable cookies.

For more information on how we use cookies, read our privacy policy.


Certifications & Compliance

XMedius solutions are built for extreme reliability, security, and ease of use. A key consideration in our design process is enabling customers to more easily comply with a range of privacy and data security regulations.

Solution Certifications

  • ISO/IEC 27001
  • Cyber Essentials
  • STAR

Regulatory Compliance

  • GDPR
  • SOX
  • Section 508

Solution Certifications


ISO/IEC 27001 – Information Security Management

The International Organization for Standardization (ISO 27001) is a structured methodology for information security and used as a benchmark for protecting sensitive and private information. It is often understood as an umbrella over other legal requirements, regulations (such as JSOX, SOX, and the Data Protection Directive) or contractual standards (PCI DSS).

XMedius has complied with ISO/IEC 27001 since 2015. This ensures that our information security standards are continuously fine-tuned to keep pace with security threats and vulnerabilities that impact businesses. XMedius covers the 11 major controls required as part of the ISO 27001 compliance standard, demonstrating our commitment to high levels of information security management.


Payment Card Industry Data Security Standard (PCI DSS)

XMedius secure file exchange solutions have been independently audited and certified compliant with PCI DSS Level 1 service provider requirements. This means that they leverage secure environments that uphold the stringent standards developed by the credit card industry to protect cardholder data, which include building secure networks, maintaining a vulnerability management program, implementing strong access control measures, training employees, and regularly testing systems to ensure they remain secure.

XM Fax and XM SendSecure allow organizations to exchange protected cardholder information for major credit cards in line with their PCI DSS compliance obligations.

For more information about this certification, visit the PCI Security Standards Council website.


Cyber Essentials Certification

The XMedius European Cloud infrastructure has been third party certified under the Cyber Essentials program backed by the UK’s National Cyber Security Centre.

Cyber Essentials compliance dictates the level of cybersecurity necessary for many UK government contacts, requiring protections across five technical control themes: firewalls, secure configuration, user access control, malware protection, and patch management.

For more information about this certification, visit the NCSC’s Cyber Essentials website.


Security Trust Assurance and Risk (STAR) Certification

XMedius secure file exchange products in the cloud are certified under the Cloud Security Alliance’s STAR program at Level 1. This is a public demonstration that XMedius is committed to transparency regarding our stringent security and GDPR-compliant privacy policies. To learn more about what these commitments entail, you can view the XMedius assessment questionnaire here.

For more information about this certification, visit the CSA’s website.

Regulatory Compliance

XMedius solutions facilitate compliance with a range of essential industry and government regulations.


The Health Insurance Portability and Accountability Act (HIPAA)

A large and growing number of healthcare providers and IT professionals are using XMedius secure file exchange solutions to process, store, and transmit ePHI. Federal law mandates that all U.S. organizations handling such information and submitting to insurance comply with HIPAA privacy and security rules.

XMedius enables partners and end-customers subject to HIPAA to leverage our secure solutions to more easily process, maintain, and store protected health information in a compliant manner.

Learn more about HIPAA compliance


The General Data Protection Regulation (GDPR)

GDPR mandates strict rights protections and security controls on information gathered from or about people anywhere in the European Union. What makes the law of particular concern to a wide variety of organizations is its extraterritorial reach: organizations outside the EU who mishandle protected information are just as subject to regulatory action as those within EU borders.

XMedius secure file exchange solutions have been designed to meet the standards necessary for facilitating GDPR-compliant information storage and communications. In addition, XMedius maintains siloed cloud infrastructure in Europe expressly to simplify data sovereignty concerns under the law.

Learn more about GDPR compliance


The Family Educational Rights and Privacy Act (FERPA)

XMedius enables American schools subject to FERPA to leverage the secure XMedius environment to process, maintain, and store protected student information in accordance with FERPA policies.

Learn more about FERPA compliance


The Sarbanes-Oxley Act of 2002 (SOX)

The Sarbanes-Oxley Act of 2002 is legislation passed by the U.S. Congress to protect shareholders and the general public from accounting errors and fraudulent practices in the workplace, as well as improve the accuracy of corporate disclosures.

XMedius helps IT departments that are increasingly tasked with creating and maintaining a corporate records archive in a cost-effective fashion that satisfies the requirements put forth by the legislation.

Learn more about SOX compliance


The Section 508 Amendment to the Rehabilitation Act of 1973

Section 508 applies to all U.S. Federal agencies when they develop, procure, maintain, or use information technology. Under the law, agencies must give disabled employees and members of the public access to information that is comparable to the access available to others.

Full system accessibility will depend on the accessibility of the customer’s third-party telephony hardware, but in terms of our software, XMedius is committed to ensuring equal access. For example, CX-E’s functionality is fully TTY compatible (coming and going from the system) and is designed with the extra prompts and configurable response times called for by Section 508.

Learn more about CX-E Section 508 compliance

Contact XMedius

Do you have any questions about Personal Assistant on the CX-E platform or any other voice applications offered by XMedius? Don’t hesitate to contact us and speak to one of our experts today.