This FAQ addresses some of the most commonly asked questions regarding the security and compliance considerations for Xfax.
Do you have any compliance certifications (e.g., SOC 2, ISO 27001)?
All Xfax infrastructure is hosted in Microsoft Azure Cloud, which inherently is ISO 27001 certified and holds SSAE 16 / ISAE 3402 attestation. We also adhere to the Information Security and Privacy Governance Framework aligned and in compliance with the SOC2 series and the Australian Government's (ACSC) Information Security Manual.
Can I choose to immediately delete fax records of successfully sent and received faxes?
Yes, tenant administrators can control automatic deletion of fax records for both inbound and outbound faxes.
How do you ensure compliance with data sovereignty laws?
Xfax leverages Azure technology infrastructure to maintain compliance with regional data protection regulations. All data is securely stored within Australian Azure regions.
Is my fax data encrypted during transmission and at rest?
Data at rest is protected with AES 256-bit encryption and data in transit is encrypted with TLS 1.2 which are approved by the Australian Government. Once the fax transmission begins, like traditional fax technology, there is no way to encrypt or secure the call itself (e.g., to the recipient's fax machine). Fax technology transmits your messages via phone lines, which is inherently secure.
What is your data retention and deletion policy, and can I change how long my data is stored?
This is controlled and specified by the tenant admins based on their requirements. Data retention is set at a per tenant level.
How do you ensure access control to faxed documents and who has permission to view or delete them?
Tenant and global administrators can only view metadata. Fax document access is restricted to the originating fax sender or receiver. Secure web delivery is also an available routing method which requires users to log into Xfax to view their fax document.
How do users securely access the platform?Xfax supports Azure single sign-on (SSO). Password policies and session controls are managed within the customer’s Azure tenancy and follow the configurations defined by their organisation. Multi-factor authentication (MFA) is also supported.
What security measures are in place to protect fax data against unauthorised access or breaches?
All public facing infrastructure is protected by Cloudflare WAF. We also utilise Azure infrastructure and various security features, including Microsoft Defender ATP and Azure Firewall. Our endpoints are scanned daily for emerging threats and vulnerabilities.
Do you offer audit trails and logging of fax transmissions for compliance purposes?
Yes, Xfax captures comprehensive audit trails and logging of both tenant portal activity and fax transmissions. This includes Activity and Call Detail Records. These logs are securely stored and are only viewable by tenant administrators.
