Passer directement au contenu principal

Cyber Security at Xerox 

The Cyber Security organisation at Xerox has the global responsibility of securing Xerox’s infrastructure and protecting Xerox’s information assets. It is led by the Xerox CISO and includes a global team of cyber professionals located across our offices in North America, Europe and Asia.

The top priorities of our Cyber Security organisation include: 

  • Establishing appropriate security policies, safeguards and controls to prevent, detect and respond to cyber attacks 

  • Managing cyber risks in a manner that meets regulatory and compliance requirements and aligns with customer expectations 

  • Securing Xerox intellectual property, products & services and supply chain in collaboration with Xerox business, product and IT teams​​ 

The Xerox Cyber Security organisation is comprised of the following teams and capabilities: 

Cyber Defense

​​​​​​​​​​​​​​​Responsible for protecting, detecting and responding to cyber-attacks on Xerox information assets. Some of the key activities/capabilities provided by this team include: 

  • Security Operations Center (SOC): delivers continuous (24/7) monitoring of Xerox’s information systems and performs appropriate action to contain and respond to cyber events 

  • Vulnerability Management: performs vulnerability scanning, prioritisation, reporting and remediation tracking of security vulnerabilities with the goal of improving system hardening and minimizing attack surface 

  • Offensive Security: continuously evaluates our infrastructure, applications, products and services using the same tactics, techniques and procedures of an adversary to identify and remediate security issues before being identified or exploited by an adversary 

  • Cyber Security Incident Response: performs triage, analysis, containment, and recovery of Xerox information systems from cyber security events 

  • Cyber Threat Intelligence and Threat Hunting: gathers cyber threat intelligence data, analyses for relevancy to Xerox information systems and performs threat hunting 

Governance, Risk and Compliance

​​​​​​​​​​​​​​​Responsible for managing Xerox Cyber Security policy and standards, risk and compliance programs. Some of the key activities/ capabilities provided by this team include: 

  • Security Policy Management: manages Xerox security policy and standards and reviews their enforcement across Xerox 

  • Security Awareness and Training: manages security training during employee and contractor onboarding and then on an ongoing basis to raise awareness about their security responsibilities and key cyber threats 

  • Disaster Recovery: governs the enterprise disaster recovery program and periodic testing of recovery plan and resiliency capabilities 

  • Third-Party Risk Management: performs due-diligence review of third-party supplier engagements at the time of initial procurement and subsequently during renewal depending on the engagement risk  

  • Compliance Management: manages certification and compliance programs including PCI, SOC 1, SOC 2, ISO 27001, FedRAMP, etc. 

Security Architecture & Testing

​​​​​​​​​​Responsible for incorporating security throughout the SDLC in collaboration with Xerox business, product and IT teams. Some of the key activities/ capabilities provided by this team include: 

  • Security Architecture Review: implements security-by-design into new applications and services through technical security design/ architecture reviews 

  • Security Testing: performs automated application scanning and manual penetration testing prior to go-live 

Identity & Access Management

​​​​​​​​Responsible for managing the technologies and processes for managing identities and their access across Xerox systems, services and applications. Some of the key activities/ capabilities provided by this team include: 

  • Identity Governance & Administration: manages technology and processes for identity provisioning, de-provisioning and life cycle management of Xerox identities and governs their access to various Xerox systems, services and applications

  • Access Management: manages the suite of technologies for authentication, single sign-on, multi-factor authentication and privileged access to various Xerox systems, services and applications.

Customer Security

Responsible for managing customer trust in Xerox products and services through collaboration with various Xerox business and product teams. Some of the key activities/capabilities provided by this team include: 

  • Customer Security Assessments: responds to customer inquiries and questionnaires regarding the security posture of Xerox products and services

  • Customer Contract Compliance: reviews security terms and conditions in customer contracts prior to execution and ensures our security program complies with applicable laws, regulations and customer expectations

In addition to the above, we work with our internal and external partners to evaluate and continuously improve our cyber security posture through:

  • External Penetration Testing: We engage external specialist cyber security consulting firms to perform penetration testing of high-risk enterprise infrastructure and customer-facing services. 

  • Security Audits: We perform comprehensive audits of our Cyber Security program through reputable external consulting firms. Additionally, internal audits are performed in areas deemed to be high risk. The results of external and internal audits are reported to the Audit Committee and fed into the continuous improvement cycle to continue to mature our Cyber Security program. 

Woman in system control center using a tablet

Security Solutions

The most security-minded businesses and governments choose Xerox.

Partager