ISO 27001 – the importance of backing up Xero.

ISO 27001, the international standard for information security management systems (ISMS), doesn’t specifically mandate a backup of financial records like Xero data. However, it emphasises the importance of protecting information assets against loss, damage, or unauthorised access.  

Here’s how the standard indirectly necessitates backups for financial data like that found in Xero:

  1. Confidentiality, Integrity, and Availability (CIA Triad): ISO 27001 revolves around the CIA triad.
    • Confidentiality: Financial data is highly sensitive and must be kept confidential to prevent unauthorised access or disclosure.
    • Integrity: Financial data must be accurate and complete, and its integrity must be maintained throughout its lifecycle.
    • Availability: Financial data must be accessible when needed for business operations, decision-making, and compliance purposes.
  2. Risk Assessment and Treatment: ISO 27001 requires organisations to conduct a thorough risk assessment to identify potential threats and vulnerabilities to their information assets. The loss of financial data due to system failures, natural disasters, or cyberattacks is a significant risk. Backups are a key control to mitigate this risk by ensuring that data can be restored in case of loss or damage.
  3. Information Security Controls: ISO 27001 Annex A.8.13 specifically addresses “Information Backup.” It requires organisations to:  
    • Identify information that needs to be backed up.
    • Determine appropriate backup frequencies.
    • Establish procedures for storing and securing backup copies.
    • Test and verify the effectiveness of backups.  
    • Regularly review and update backup procedures.
  4. Business Continuity: ISO 27001 also emphasises the importance of business continuity. Financial data is critical for many organisations’ operations, and its loss could severely disrupt business activities. Backups are a vital component of business continuity plans, allowing for the timely restoration of data and minimising downtime in case of disruptions.

Therefore, while ISO 27001 doesn’t explicitly mention Xero data, the requirements for protecting information assets, mitigating risks, and ensuring business continuity effectively necessitate the implementation of robust backup strategies for financial records like those stored in Xero.

Backups ensure that even if the primary data is lost or compromised, a secondary copy is available for recovery, maintaining the confidentiality, integrity, and availability of this critical information.  

For Xero users, this means that their accounting data should be backed up regularly and securely to comply with ISO 27001 and to protect their business interests.



© Copyright by Control C Limited