Security vulnerability and penetration testing

Question

How does xMatters approach security testing?

Environment

All versions of xMatters

Answer

The xMatters Security team analyzes vulnerabilities and their potential applicability to the xMatters environment using continuous vulnerability scanning and penetration testing. In addition to our internal testing, external tests are conducted using Qualys Vulnerability Management and Veracode.

If a vulnerability is discovered, we enact remediation plans to protect against exposure.

Vendor penetration test reports, SOC 2 reports, and related security assessment documentation are published on the Everbridge Trust portal at https://trust.everbridge.com/:

• To obtain a copy of a vendor penetration test report: Go to the Trust portal and check the Public tab first for available reports. If the report you need is not publicly listed, select the All tab and complete the access request form to gain access.
• To obtain the current SOC 2 report for xMatters / Everbridge: Go to the Trust portal and sign in. Locate the SOC 2 report in the list of available documents. If you already have access, you can download it directly; if not, follow the portal process to request access and download it once permission is granted.
• To find the assessment date, findings rating, and current status: Open the relevant vendor penetration test report on the Trust portal (via the Public tab if available, or by requesting access from the All tab). These details are included within the report. As a reference, a previous assessment was published on 13 November 2024.

Users can access vulnerability and penetration testing findings and related security reports directly through the Trust portal. If you have additional questions, please contact: security@xmatters.com.