Security assessment pilot on Xedule completed

SURF Vendor Compliance has completed a security assessment pilot on Xedule. This assessment was a joint initiative that provided both parties with a great deal of relevant knowledge.

Xedule

Xedule approached SURF due to their focus on improving privacy and security within their environment. This was also evident from its cooperation and follow-up of the DPIA that was previously carried out and published.

Xedule saw participating in an external audit as a valuable chance to strengthen its security policies and assist SURF simultaneously. Furthermore, broadening the audit into a comprehensive security assessment offered a clear pathway for converting results into practical, actionable measures.

Security assessments by SURF Vendor Compliance

In developing the services within SURF Vendor Compliance, it was decided to tackle security processes in addition to DPIAs and DTIAs (with a focus on privacy). Therefore, SURF took up the TUV Nord audit, which was originally conducted to test the SURF Security Baseline, as a pilot project to perform a full security assessment on Xedule based on the audit results.

Results

The assessment identified several points requiring attention, both concerning the applicability of the Security Baseline within our sector and regarding several necessary refinements to the Xedule's’ security policies.

It will be possible to review the substantive findings from the assessment in a one-time-only onsite session at SURF in Utrecht. This will be organized in the first quarter of 2026 and under the professional supervision of the SURF CISO together with the Xedule representative. This session is for SURF members only (who are using Xedule).

In addition, there are two institutional recommendations that SURF Vendor Compliance actively shares with its members (who are also Xedule customers). This will take place in the first quarter of 2026.

For questions, please contact SURF Vendor Compliance: vendorcompliance@surf.nl or Xedule: security@xedule.nl