Get in touch
Security

Our commitment to security

We prioritise security above all, using industry-leading security measures to ensure that your information is safe, secure, and accessible at all times. Discover how we combine advanced tools, rigorous processes, and a culture of vigilance to safeguard your data and operations.

Rectangle 1 10 (8)

Dedicated security team

At Maxxton, our dedicated team of security professionals is committed to safeguarding and improving the security of our systems, products and data. The team focuses on:

  • Infrastructure Security
  • Data Security
  • Corporate Information Security
  • Governance, Risk and Compliance (GRC)
  • Continuous Security Awareness Training and testing for all employees

This comprehensive approach ensures that security is integrated at every level of our operations. 

Security - Dedicated Security Team

Monitoring and incident readiness 

  • 24/7 monitoring: Our systems are continuously monitored for suspicious activities and potential threats. 
  • Incident response plan: We have a detailed incident response plan to quickly address and resolve security issues, minimising the impact on our customers.
  • Disaster recovery: Our disaster recovery plans are crafted to reduce disruption in worst-case scenarios, with regular backup validations ensuring data integrity and rapid recovery.


Security - Monitoring and Incident Readiness

Infrastructure Security

  • Google Cloud hosting: Maxxton software operates on Google Cloud, utilising the same advanced security infrastructure and real-time security patches trusted by Google to protect its own system.
  • Scalable, self-healing systems: Our infrastructure dynamically scales to meet demand while continuously monitoring the systems' health, guaranteeing seamless performance.
  • Fortified protection against threats: Leveraging Google’s Load Balancer and Cloud Armor, we ensure resilience against DDoS attacks. At the same time, the Web Application Firewall (WAF) with pre-configured OWASP rules actively blocks malicious traffic. Continuous intrusion detection monitoring for suspicious activity, with critical alerts escalated to senior engineers around the clock for rapid response. 
Security - Infrastructure Security

Data security and certifications

  • Secure images: We provide robust code security through rigorous manual and automated code reviews to identify vulnerabilities. Additionally, only authorised images undergo vulnerability scans before deployment, providing a secure pipeline.
  • Access Controls: Identity and Access Management (IAM) ensures the Least Privileged Principle is maintained across environments.
  • Change Monitoring: Critical changes, such as IAM and firewall configurations, trigger immediate alerts, maintaining accountability.
  • Certifications: PCI DSS, ISAE-3402, and NF525 certified, with annual audits upholding compliance.
  • Penetration Testing: Regular external tests conducted by KPMG, Xebia, and Onvio validate our defences.
  • Secure APIs: Our APIs are developed with security as a foundational principle, incorporating robust authentication and authorisation mechanisms.



Security - Data security and certifications

Human-centric security

  • Rigorous training: To cultivate a strong security culture, employees undergo over 700 hours of annual security training and are required to adhere to security policies during onboarding.
  • Continuous testing: In 2024, we conducted over 2,500 phishing simulations, with our risk rate being 23.4 percentage points below the industry average.
  • Dedicated security team: Our proactive security team promotes company-wide collaboration through open forums, so security is a shared responsibility at all organisational levels.
Security - Human-centric security

Switch to Maxxton and experience enhanced security

Talk to our experts