Xactware Information Security Frequently Asked Questions

At Xactware, we take data security seriously. We recognize the need for strong data protection practices and are committed to safeguarding our information assets and the data that clients entrust to us.

To that end, we have implemented a company-wide set of privacy, compliance, and security measures designed to protect the information housed within our infrastructure. Below please find answers to many frequently asked questions about our data security protocols and procedures.

Frequently Asked Xactimate Security Questions from Customers

1. Where does Xactware store its client data?
  • Xactware stores data in the continental regions where our clients reside.
  • Data for U.S. and Canadian clients is stored in Lehi, Utah; Somerset, N.J.; and Amazon AWS regions in North America.
  • Data for European clients is stored in Amazon AWS regions in Ireland and Germany.
  • Data for Australian and New Zealand clients is stored in the Sydney, Australia Amazon AWS region.
2.How is data encrypted in transit?
  • Xactware encrypts data in transit in line with FIPS-140 standards and uses TLS 1.2. and TLS 1.3.
3. How is data at rest encrypted?
  • Xactware encrypts data at rest using AES 256 at a minimum.
4. Do Xactware solutions support multi-factor authentication?
  • Yes. Customers can opt-in to multi-factor authentication for their Xactware ID.
5. Does Xactware support third-party federation?
  • Yes. We can set up third-party federation for clients that wish to employ it.
6. Do Xactware applications undergo third-party penetration testing?
  • Yes. While we do not allow customers to perform their own penetration tests against our production services, Xactware performs third-party application penetration testing at least once a year.
7. What cloud computing solution does Xactware use?
8. What redundancies does Xactware have in place?
  • Xactware employs redundancy throughout the infrastructure including redundant power systems, ISPs, firewalls, servers and storage arrays at our datacentres.
  • We maintain facilities necessary to reproduce our central site production infrastructure in the event of a disaster situation.
  • This includes loss of access to, or use of, our datacentre and associated power, data lines, critical servers, or network devices.
  • Xactware has a robust disaster recovery plan that is tested at least annually.
9. What is Xactware’s plan should a data breach occur?
  • Xactware has a thorough incident response program that adheres to principles outlined in NIST Guideline 800-61, “Computer Security Incident Handling Guide”.
  • We also have firewalls, IDS, anti-malware, and load balancers in place at the perimeter of our infrastructure to thwart threats and provide maximum availability to the application.
10. Where can I get more information?
  • Verisk has published an extensive document detailing our corporate-wide approach to Cybersecurity and protecting data that is available at https://www.verisk.com/csr/governance/managing-and-protecting-data/
  • In addition, feel free to reach out to your account representative or our support team if you need further information beyond this.