Xero security features

Partner & Consultant
April 17, 2020

See how Xero’s security features keep your business data safe and secure online

In an increasingly connected world, it’s critical for your business to keep data safe, particularly when it comes to your accounting. If you’re looking for a robust yet user-friendly accounting platform, you can’t go past Xero.

In this article we'll show you the raft of security features that Xero uses to keep your data safe from malicious activity and ensure your business stays on track.

See the difference that Xero can make to your business accounting. Contact Liston Newton Advisory today to speak with one of our Xero accounting specialists.

Security assurance

As a leading accounting software platform, Xero takes the security of its customers’ data extremely seriously.

You can take comfort that Xero:

  • Is certified compliant with ISO/IEC 27001:2013, the premier and globally recognised information security management system (ISMS) standard.
  • Engages independent auditors to perform assessments of Xero’s security mechanisms on a daily basis, ensuring that its data security measures are as secure as possible.
  • Has produced a Service Organisation Control (SOC 2) report, which outlines an independent auditor's examination of Xero's security system (relevant to the Trust Services Criteria for Security, Availability, and Confidentiality).
  • Complies with the Payment Card Industry Data Security Standard (PCI DSS) v3.2, SAQ A.

Data protection


One of Xero’s important security features is the ability to control who sees your data, and how much they can see. As the owner of your business’ Xero account, you decide who has access: nobody can reach your data unless you invite them to.

For each person you invite, you’re able to control the level of data they can see, and the actions they’re able to take.

There are also different levels of access available, depending on the roles your team play within your business. Here are the most common levels of access you'll use:


Payroll

  • Admin access: create and post pay runs, add and remove employees, and run reports
  • Employee access: enter timesheets, submit leave, and access own My Payroll

Expenses

  • Admin access: enter, edit, approve, and decline expenses, run reports, and see other employees’ expenses
  • Approver access: similar to admin access, but can’t run reports or see other employees’ expenses
  • Submitter access: enter, edit, and submit their own expenses only

Projects

  • Admin access: full access to projects, reports, and financial information
  • Standard access: similar to admin access, but can’t access cost rates or staff-related financial information
  • Limited access: view, add, and change their own entries, and view projects and tasks that others create

Business and Accounting

  • Adviser access: full and unrestricted access to all areas of Xero. If the adviser is not the subscriber, they have no access to change payment details or the pricing plan
  • Read only access: the user can view most areas of Xero, but can’t edit or create transactions or run new reports
  • Standard access: the user can access most areas of Xero, with cash coding and reporting available as optional extras
  • Invoice only access: this level only offers access for entering quotes, invoices, bills, credit notes, and purchase orders. The level of access can be varied depending on the role

Extra permissions

You can customise some adviser and standard user permissions depending on the role within your business. These allow you to create specific access permissions for your payroll team, regular reconciliation use, and bank account admin, and to manage users as needed.


Xero is available on-demand 24/7 for those with the right access permissions. As a cloud-based system, you can access it from any electronic device, wherever you are.

As a Xero customer, your business gets free unlimited support from Xero’s customer support team, who work around the clock. The response time can vary depending on the complexity of your question, so be aware of this if you’re in a rush.

If you prefer to find answers yourself, the support database Xero Central is full of useful articles and resources to help you out.

Disaster recovery


Xero’s secure cloud platform far surpasses the old days of storing all your accounting information on your computer. That method was particularly susceptible to breaches or data loss during power outages, and problems could only be resolved by a qualified technician.

Instead, Xero perform daily data replication between their geographically diverse and protected facilities to ensure your business can continue to run smoothly in any situation. This means that your business is never reliant on one data source, and your data is regularly backed up and encrypted.

In the unlikely event of a blackout, or any form of data loss, Xero has the ability to switch to their backup site. This ensures you can still use their system, even during major disruptions.

Protection from phishing and malicious activity

From time to time, cyber criminals may try to gain access to your sensitive information. This can be your account login details, bank account details, or personal details.

Xero have a specialised security team who work 24/7 to monitor and detect suspicious and malicious activity on their accounts, and review access logs.

If they notice any peculiar activity on any account, they will investigate and respond, going directly to the user and providing steps to protect the user’s information. Some instances will require them to disable your account, but this is only a precautionary measure to stop the initial threat.

Security noticeboard

Xero stay up to date with the latest security threats, and pass this information on to you immediately in their Security Noticeboard.

Here you can get warnings on the latest scams, find recommendations on how to protect yourself from them, and report a scam yourself.

Two-step authentication

Xero use two-step authentication to give you an extra layer of protection.

All you need to do is download an authentication app directly to your phone, and you’re able to set up this security measure through Xero Central.

Then when you log in to Xero, your authentication app generates a new passcode, which you enter along with your other login information. It’s just one more step to keep your data safe online.

The final word

Xero is designed to keep your business’ data safe and secure, and as Xero Gold Partners, we highly recommend this fantastic platform to all our clients.

With customised access options, two-step authentication, 24/7 availability, and robust disaster recovery practices, you can rely on this cloud platform to keep your business’ finances running smoothly.
