Security & Trust

XION8 is a managed-compliance platform, so security is the product. This page summarizes how Next Orion LLC approaches the security and compliance posture of the Service.

Compliance posture

• XION8 is built on FedRAMP-authorized Microsoft Azure infrastructure, inheriting platform security controls aligned to the NIST 800-53 baseline.
• XION8 is architected to the NIST 800-53 and FedRAMP Moderate control baselines.
• Pursuing TX-RAMP authorization as part of our compliance roadmap.
• FedRAMP authorization is on our compliance roadmap.
• SOC 2 readiness is underway.

Security practices

• Tenant isolation — every data record is scoped to its tenant; no cross-tenant access.
• Secrets management — all secrets are held in Azure Key Vault; zero secrets in source code.
• Encryption in transit.
• Role-based access control — Admin, Technician, and ReadOnly roles.
• Multi-factor authentication via Microsoft Entra ID.
• Audit trails — administrative actions are logged.

Legal and data-processing documents

• Data Processing Agreement
• Sub-processors
• Privacy Policy
• Terms of Service

Contact

Questions about security or compliance? Contact us:
Next Orion LLC
PO Box 783, Edna, TX 77957
[email protected]