Overview

XMLDation maintains an Information Security Management System (ISMS) aligned with ISO/IEC 27001:2022. The ISMS covers all activities relevant to the XMLDation platform — development, support, and maintenance — carried out in Finland and at remote locations. The CISO holds overall responsibility for ensuring conformance and reports on performance to the Management team.

Security Objectives

  • 0 major security breaches
  • 99.3% service availability annually
  • Critical vulnerability remediation (CVSS v3.0 score 10.0, actively exploited): < 48 hours

Scope

All XMLDation internal organization, locations, and assets. Information classified as Public, Confidential, and Sensitive. Critical third-party services validated through ISO 27001 certification or formal risk assessment.

Key Policies & Controls

  • Data and Data Privacy Policy (GDPR compliance)
  • XMLDation Service Data Policy
  • Software and Product Development Policy
  • HR Policy (personnel screening)
  • Disaster Recovery Procedure
  • Cryptographic Key Management Process

Compliance & Regulatory Alignment

Standard          Status
ISO 27001:2022    Certified — 3-year audit cycle
GDPR              Compliant
DORA              Demonstrated to banking customers (ITCE, KBC, OP)

Governance Activities (Year Clock)

Internal audits, independent ISO 27001 reviews, technical compliance reviews, user access reviews, third-party penetration testing, annual management review, and security awareness training for all staff.

Performance Metrics

Tracked monthly/annually: exposed vulnerabilities, customer-found issues, service unavailability events, and phishing incidents (via Azure AD risky sign-ins).

Risk Management

Annual risk assessments with treatment plans, ad-hoc assessments for new products/projects (e.g., AI features in 2025), and continual improvement driven by audits and customer assessments.

Strategic Alignment

The ISMS supports XMLDation's goals to prepare for threats from handling more business-critical data, address AI-related security challenges, and create competitive advantage through demonstrable security practices.
