Your Data Security

FAQs provided by XCM Solutions

1.   Is my firm's data secure?

All network interactions between your client system and the XCM Solutions site are secured through 128-bit SSL (Secure Sockets Layer) encryption. XCM Solutions uses VeriSign, the Internet's oldest and largest certificate security provider. XCM Solutions houses its network infrastructure at a SAVVIS state-of-the-art datacenter located in Massachusetts. SAVVIS datacenters conform to and have been awarded SAS 70 Type II compliance. SAVVIS has its own Tier 1 Internet backbone and provides secure, optimized network performance for its customers, earning the best uptime record in the industry. Physical access to the XCM Solutions site, which is housed in a dedicated and locked datacenter cage, is strictly controlled through formal access lists enforced and audited by biometric devices, key cards, and manual code entry.

In order to gain logical access to the XCM application, you must supply login credentials. Your firm administrators control access to the XCM site by creating and maintaining firm users and granting appropriate permission levels to each. XCM is extremely rigorous in its continual checking of user credentials and is audited regularly by an independent security assessment team from nGuard.

Although the XCM database typically contains little or no sensitive data because it is a workflow application whose content is completely controlled by firm policies concerning XCM's use, the database is fully protected behind two layers of redundant firewalls with no direct access to it from the Internet. The XCM site exemplifies industry standard best practices for site security design.

2.   If we are going to depend on XCM for our workflow solution, how do we know it will be reliable?

In addition to security, reliability and performance are paramount in the XCM site design.

The XCM servers are located in a SAVVIS state-of-the-art datacenter with a 100% uptime record. SAVVIS was chosen for its reputation as an industry leader in datacenter design and maintenance. The datacenter can operate indefinitely without public power in the event of a failure, is multiply redundant for Internet connectivity, and is staffed 24x7 with engineers who operate according to formally approved SAS 70 Type II policies and procedures.

Unlike some SaaS (Software as a Service) providers who simply outsource their infrastructure responsibilities to third parties, XCM Solutions controls every aspect of its site directly, ensuring that reliability is built into all components. Each portion of the site (network devices, web presentation layer, middle-tier application layer, and data layer) is redundant, eliminating single points of failure and preserving reliable, continued uptime even in the event of a component failure.

Through extensive testing prior to releases, the XCM development and engineering teams make sure that performance is not affected by the addition of new features, and that XCM remains quick and responsive, even through the busiest times of the year.

3.   We take advantage of XCM's ability to link pertinent documents to workflow tasks for easy reference. Are those stored securely?

The document references are simply links on the page and the documents remain stored on your firm's network. The only data that is placed into the XCM database is the link path to the selected firm document. Only a firm user, logged into XCM while connected to the firm's network, would be able to open the links and view the files, subject as always to the firm's network security.

4.   Where is the XCM data located, in the U.S.?

The XCM data is in a secure, locked datacenter cage located in Massachusetts at a SAVVIS facility. The only logical access to this data is through authenticated logins created and managed by firm administrators. XCM employee administrators are further restricted in that their accounts are only valid from specific U.S. locations.

For disaster recovery purposes, a copy of the XCM database resides in a secure datacenter located in North Carolina. Just as with the primary datacenter in Massachusetts, access is strictly controlled and audited by biometric devices, key cards, and manual code entry.

5.   What if I forget my password or login name?

Your login name and password are created and maintained solely by your firm's administrators. They will be able to verify your login name and reset your password. XCM support personnel will never reset passwords for firm users.
