Xoxoday
Training and Awareness

Are all personnel required to sign NDA or Confidentiality Agreements as a condition of employment to protect customer/tenant information?

Yes, our personnel, both full-time and on contract, are bound by a non-disclosure agreement and a confidentiality agreement as a condition of employment to protect customer and tenant information.

Do you specifically train your employees, contractors, third-party users regarding their specific role and the information security controls they must fulfill?

Yes, all employees and personnel, along with contractors and third-party users, go through induction and job training covering their share of information security controls.

Are personnel trained and provided with awareness programs at least once a year?

Yes, all personnel are trained through awareness programs annually.

More info below:

Questions

Answers

Do you have an information security awareness training program? Do you perform phishing tests on your employees? Please describe the frequency of the security awareness training, phishing exercises, and subjects addressed in your training.

We conduct Infosec Awareness training as soon as an employee joins the organization and on an annual basis. Each employee, when inducted, signs a confidentiality agreement and acceptable use policy, after which they undergo training in information security, privacy, and compliance. Furthermore, we evaluate their understanding through tests and quizzes to determine which topics they need further training in. We provide training on specific aspects of security that they may require based on their roles.

Do all staff receive information security awareness training?

We conduct ISMS training for all the employees.

Are all systems security configuration standards documented and based on external industry or vendor guidance?

The IT policy is attached. We have also communicated these to all employees to spread awareness among them.

Are awareness training sessions on remote working guidelines, social engineering, etc. conducted? What is the periodicity of training?

We conduct ISMS training for all the employees. The training is conducted annually.

Is a Training and Awareness Program maintained that addresses data privacy and data protection obligations based on role?

Data privacy and data protection are part of our information security awareness training.

Does the organization conduct pre-joining & periodic information security trainings & awareness programs to convey criticality of the customer data?

Yes. We conduct ISMS training for newly joined employees and existing employees.

Describe your security awareness program for personnel

Yes. We conduct security awareness training for all employees as soon as they join the organization and also annually, as per the ISMS requirements.

Third parties should ensure their personnel have a role-based training programme for information security on an annual basis.

We conduct annual ISMS training for all the employees as per the compliance requirements.

What kind of cloud security awareness do you provide to your administrators?

We provide mandatory security and awareness training to all our employees and spread awareness about information security across the organization.

Do all staff formally complete annual end user security awareness training?

Yes. We conduct Infosec awareness training as soon as new employees join the organization and once annually for all existing employees.

Is data privacy compliance taken into consideration in the design of new and/or redevelopment of existing systems or business processes? (If so, please detail how and when.)

Yes. We have educated all our employees through training on data privacy compliance. The production or development team always makes sure that new developments comply with the data privacy requirements. We also educate our production or development team on recent updates through the necessary trainings.


Last updated 3 years ago
