XTC Consulting Logo

XTC Consulting

IT Solutions & Services

Security Policy

Our Commitment to Security

At XTC Consulting, we are committed to maintaining the highest standards of security for our clients, partners, and our own systems. This security policy outlines our approach to protecting data and ensuring the integrity of our IT infrastructure.

We continuously review and update our security practices to address emerging threats and vulnerabilities in the digital landscape.

Data Protection

We implement robust measures to protect all data entrusted to us:

  • All sensitive data is encrypted both in transit and at rest using industry-standard encryption protocols.
  • Access to client data is strictly limited to authorized personnel on a need-to-know basis.
  • Regular security audits and vulnerability assessments are conducted to identify and address potential risks.
  • We maintain comprehensive backup systems with regular testing to ensure data can be recovered in case of an incident.

Vulnerability Disclosure

We value the input of security researchers and the broader community in identifying potential vulnerabilities:

  • If you discover a security vulnerability in our systems, please report it to security@xtcconsulting.com.
  • We commit to acknowledging receipt of vulnerability reports within 48 hours.
  • We will investigate all legitimate reports and do our best to quickly fix the problem.
  • We will not take legal action against or suspend services to those who report security issues in good faith.

For more details on our vulnerability disclosure program, please refer to our security.txt file.

Client Security Responsibilities

While we implement comprehensive security measures, security is a shared responsibility:

  • Clients are responsible for maintaining the confidentiality of their account credentials.
  • We recommend using strong, unique passwords and enabling two-factor authentication where available.
  • Clients should promptly report any suspected security incidents or unauthorized access to their accounts.
  • Regular updates and security patches should be applied to client-managed systems and software.

Incident Response

In the event of a security incident:

  • We have a dedicated incident response team ready to address security breaches.
  • We will promptly notify affected clients in accordance with our contractual obligations and applicable laws.
  • We will work diligently to contain and remediate any security incidents.
  • Post-incident, we conduct thorough reviews to prevent similar incidents in the future.

Contact Information

For security-related inquiries or to report a security incident, please contact:

Email: security@xtcconsulting.com

Phone: 714.926.9472 (during business hours)

This security policy was last updated on December 1, 2023.