security & compliance
The security of your organisation and your data is a top priority for SFI Allegro (SFI). We are committed to providing our customers with tailored and integrated cloud work management software, Xugo, to effectively and efficiently track and manage compliance-related activities while ensuring scalability and security.
SFI adheres to the following privacy, security, and accessibility regulations and protocols to ensure the protection of your data.
ISO 9001 Certified Quality Management System
SFI was first registered to ISO 9001:2015 in November 2017 and has had regular surveillance audits since then. We are proud that SFI has been repeatedly commended by auditors for its adherence to ISO standards and requirements. We develop effective processes for everything from research and development and product implementation to sales and customer support, strive to create a high-quality product, and implement ongoing improvements that will meet or exceed customer needs.
SFI has adopted ISO methodologies and submits itself to regular ISO audits. The audits examine processes within the company and confirm that we comply with ISO standards and requirements. SFI follows the requirements, specifications, guidelines and characteristics set forth to ensure that we are consistently providing solutions, products, processes and services that meet world-class standards. Our clients can expect a constant and high level of quality and reliability from our work.
The regular internal and external auditing and assessments of our Quality Management system ensure there is emphasis on continual improvement, sustainability, teamwork and achievement of client satisfaction. Also as part of our commitment to quality and compliance management, SFI maintains ISO/IEC 27001:2022 accreditation.
ISO 27001:2022 Information Security Management Certified
SFI is ISO/IEC 27001:2022 certified as of September 2023. ISO 27001 is an auditable international standard which is recognised globally for a company’s information security management system (ISMS). The standard is designed to ensure the selection of adequate and proportionate security controls, and is the only such standard currently in existence.
The standard ISO 27001 requires SFI to ensure a process approach for establishing, implementing, operating, monitoring, reviewing, maintaining, and continually improving our ISMS. We believe our compliance helps us to protect our information assets and gives additional confidence to businesses we do business with - especially our customers, on whose behalf we often manage information. Accreditation helps to assure them that their information is properly protected.
ISO 27001 compliance also holds benefits for SFI and independently demonstrates that:
- Our internal controls meet corporate governance and business continuity requirements.
- All applicable laws and regulations are observed in order to protect company information.
- Any company risks are properly identified, assessed and managed and formalises information security processes, procedures and documentation.
- The security of all customer, vendor and employee information is paramount.
security and user awareness training
how Xugo keeps your information safe & secure
Securing your sensitive data
We ensure your sensitive data is protected and available online. We follow IT security best-practices and our applications are hosted with leading cloud providers, certified for their physical and platform security.
Implement single sign-on and multi-factor authentication
Xugo supports single sign-on (SSO) capability and multi-factor authentication, information is encrypted at rest and in transmission between your systems using industry-standard encryption. We also leverage third-party security services to further reduce vulnerabilities and threats to your data.
Be confident against threats with your data isolated
Xugo data environments are isolated by customer and accessible only by secure IPSEC or SLL VPN gateway. Access to Xugo is strictly limited to authorised support personnel, with all access and activity logged and monitored.