Xoxoday
  • 📓User Resources
    • 👨‍💼For Admins
      • 📌Getting Started
        • ⚙️Settings
          • Manage Super Admin/Admins
            • Hierarchy vs Non-Hierarchy
            • Threshold
            • Delete an Admin
            • Redemption APIs
              • Generic Redemption APIs
              • Oauth 2.0 Implementation for Stores Redemption
          • Platform Preferences
          • Account Verification
        • Types of Companies
      • 🚀Plum Launch Communication Kit
        • 🌉Pre-Launch Templates
        • 🤝Introduction to Plum Templates
        • 📺How to Sign up on Plum’s reward storefront Template
        • 📑How to Bookmark Plum’s reward storefront for easy access Template
        • 🎉How to Redeem the Rewards on Plum’s Reward Storefront?
      • Xoxo Points
        • 📌Getting Started
        • 🚚Distribution of Xoxo-points
        • 📩Email/SMS Customization
        • FAQs
      • Xoxo Codes
        • 📌Getting Started
        • 🚚Distribution of Xoxo-codes
        • 📩Email, SMS, and Xoxo Code Campaign Customization
        • FAQs
      • Points vs Codes
      • Xoxo Links
        • 📌Getting Started
        • 🚚Distribution of Xoxo-links
        • FAQs
      • Domain Authentication Guide
        • Troubleshooting Domain Authentication
      • 💰Add Funds
        • Base Currency
      • Campaigns
        • Getting Started
        • Editing a campaign?
        • Delete/disabling a Xoxo Campaign?
      • 🏬Reports
      • 💳Prepaid Card User Guide
        • Virtual Paypal International
          • 📌Getting Started
          • 📭How to Redeem?
        • Virtual Visa Card
          • 📌Getting Started
          • 💳How to Redeem?
      • 🔐Security and Compliance
        • Cryptography & Encryption
        • Email Whitelisting
        • Governance, Risk, & Data Compliance
        • Application,Dev & Security
        • Cloud Security
        • HR Compliance
        • Identity & Access Management
        • Solution Development
        • Security Operations
        • Training and Awareness
        • Vulnerability and Threat Management
        • Security Operations & Technical Capabilities and Support
        • Data Management
        • Policies & Procedures
        • Tax Compliance
        • Privacy Compliance
        • Cloud Security Alliance
        • Others
        • Documents
          • Data Security
          • Information Security
          • Admin/Business
          • Others
          • Finance Compliance
    • 🧑‍🤝‍🧑For End-Users
      • 📌Getting Started
      • 🧑‍💻Signing up/Logging in
      • 🪙How to redeem?
      • 💳Gift Vouchers
      • 🎁Gift Box Queries
      • 🚚Delivery Related Issues
      • 🛑Cancelation/Refunds
    • 🔗Pre-Built Integrations
      • Qualtrics Integration Guide
        • Using Qualtrics Workflow Extension to Send Rewards
        • Public Survey Rewarding
        • Anonymous Survey Rewarding
      • HubSpot + Plum
        • 1-1 Reward Widget in HubSpot
        • Workflow Based Reward Automation
        • 1-Many Link for Xoxolink’s Reward Automation
        • Email based Reward Automation
      • Darwinbox + Plum
      • SurveyMonkey + Plum
        • Public Survey Automation
        • Anonymous Survey Automation
      • Zapier + Plum
      • ActiveCampaign + Plum
        • Creating Automation
      • Salesforce + Plum
        • Getting Started with Xoxoday Plum
        • Getting Started and Setting up Salesforce Integration
        • Sending 1-1 Reward
        • Steps to create a Flow and add a Trigger
        • Redemption Journey for your Recipients
      • Typeform + Plum by Xoxoday
      • Zoho People + Plum
      • SAP Successfactors + Plum
        • SAP Client Registration with Xoxoday for Stores Redemption
      • Decipher - Forsta Integration
      • Zoho CRM
        • Send 1-1 rewards
        • Automation : Workflow Rules
      • Connect Plum to thousands of apps using Zapier
      • Other Integrations
    • 🛣️Product Roadmap
      • 2022
      • 2021
  • 👨‍💻Developer Resources
    • Rewards API
      • Getting started
      • API Endpoints
        • Authentication
          • Client ID, Secret ID, and Token Creation
          • Token Management
        • Catalog
          • GetVouchers API
          • GetFilters API
        • Orders
          • PlaceOrder API
          • GetOrderDetails API
          • GetOrderHistory API
        • Account Balance
          • GetBalance API
        • Postman Collection URL
      • Concepts
        • Staging Environment
        • Catalog
        • Error Handling
          • Standard HTTP status code summary
          • Errors related to API
        • Exchange Rates
      • Guides
        • Funding the Account
        • Reporting and Analytics
      • Webhooks
        • Test Webhooks
        • How to implement webhooks?
        • How to secure your webhooks?
      • Forex
      • Best Practices
      • Frequently Asked Questions
    • StoreFront Integration
      • Getting started
      • API Endpoints
        • Authorization
        • Token Creation & Token Management
        • SSO Redirection
        • End Points
      • Concepts
        • Points
      • Guides
        • Funding Account
        • Reports and Analytics
    • Xoxo Link API
    • Roadmap for 2021
  • 📅Release Notes
    • Release April 2023
    • Release March 2023
    • Release February 2023
    • Release December 2022
    • Release October 2022
    • Release September 2022
    • Release July 2022
    • Release May 2022
    • Release March 2022
    • Release February 2022
    • Release December 2021
    • Release November 2021
    • Release October 2021
    • Release September 2021
    • Release July 2021
    • Release May 2021
    • Release March 2021
    • Release December 2020
    • Release October 2020
    • Release September 2020
    • Release August 2020
    • Release June 2020
    • Release May 2020
    • Release April 2020
    • Release March 2020
Powered by GitBook
On this page
  • Do you have the ability to logically segment or encrypt customer data such that data may be produced for a single tenant only, without inadvertently accessing another tenant's data?
  • Do you logically and/or physically separate tenant systems from corporate systems?
  • Are information system documents (e.g., administrator and User guides, architecture diagrams, etc.) made available to authorized personnel to ensure configuration, installation, and operation of the information system?
  • Can you a provide dedicated computing environment for the tenant?
  • Do you provide the logical segregation of tenant data and the application?
  • Do you logically and physically segregate production and non-production environments?
  • Are there any coding standards in place?
  • Are there any teams that can deploy code into production environments without it passing through the QA process?
  • How regularly are backups tested - has the recovery process ever been tested?
  • Describe your incident escalation process?
  • Describe your key management processes.
  • How is product security considered during the development process?

Was this helpful?

  1. User Resources
  2. For Admins
  3. Security and Compliance

Solution Development

Do you have the ability to logically segment or encrypt customer data such that data may be produced for a single tenant only, without inadvertently accessing another tenant's data?

Yes, our network environment is designed and configured to restrict any communication and connection between the tenant's environment and our corporate network.

Do you logically and/or physically separate tenant systems from corporate systems?

Yes, our logic to physically separate tenant systems is made possible by assigning each tenant's data a client-specific key that is uniquely encrypted for maximum security.

Are information system documents (e.g., administrator and User guides, architecture diagrams, etc.) made available to authorized personnel to ensure configuration, installation, and operation of the information system?

Yes, all the resources that are needed for configuration, installation, and operation of information systems are made available to the authorized personnel for their perusal.

Can you a provide dedicated computing environment for the tenant?

No, we have a holistic computing environment which uses logical methods of isolation to keep the tenant's data secure.

Do you provide the logical segregation of tenant data and the application?

Yes, we logically segregate the tenant's data and the application.

Do you logically and physically segregate production and non-production environments?

Yes, physical segregation is done for production and non-production environments.

Are there any coding standards in place?

As per the SDLC process we have defined General Coding Practice and some salient points are -

  • We use parameterized queries.

  • All PI data need will be encrypted

  • All our communications will be over secure channels only and many more.

Are there any teams that can deploy code into production environments without it passing through the QA process?

No. All the deployments will take place only upon QA Process.

How regularly are backups tested - has the recovery process ever been tested?

Backups are automated and tested/reviewed on a weekly basis. Recovery process has been tested during the annual BCP test to make sure that implemented controls are working effectively. All the customer data backup has been stored on AWS/MS Azure Virtual platform cloud and all the data at rest has been encrypted.

Describe your incident escalation process?

Information security and Technology Team will be responsible for evaluating the incident and appropriately initiating the escalation process and holds the overall responsibility to monitor the activity and facilitate any action. If the problem requires further investigation, IT will assign the ticket to the appropriate Support Groups and escalate it CTO.

Describe your key management processes.

We use a split key mechanism to ensure that every client's key is unique.

  • We perform annual key rotation.

  • Keys are generated using the KMS service whenever needed.

  • We store keys in KMS.

How is product security considered during the development process?

We have implemented the systems development life cycle (SDLC) Procedure. Our code reviews and analysis run through stringent eyes of automated technologies as well as manual source code overview to cover any security loopholes prior to the production phase. We also conduct vulnerability and penetration testing and fix the identified observations. Upon passing all the security and quality checks the new version of the product will be released.

PreviousIdentity & Access ManagementNextSecurity Operations

Last updated 3 years ago

Was this helpful?

📓
👨‍💼
🔐