Yes, the payment card data is masked and encrypted to ensure that access lies only in the hands of authorized individuals.
We use AES 256-bit encryption for data at rest for securing digital identities.
The only user data stored within the system is their personal information - names, emails and contact numbers. This data is not put to any use by Xoxoday and resides within the system. The data can be deleted upon the tenant's request.
Your data is completely secure. Third parties have no access to the given data.
Yes, as stated above, your data is completely encrypted and secure, hence no critical information shall be revealed to third parties.
No. Our data is stored in secured databases and there is no window to alter any data without it being logged into the system records.
Yes, our web assets, email records, and end-points are sealed with data loss prevention techniques.
Yes, our technicalities are built in tandem with the customer data retention policies.
No, we only rely on our ironclad infrastructure to ensure maximum security of data.
The Xoxoday platform operates on the cloud, which means there are no removable storage devices in question.
Our data cleansing process goes through an organized purge. Once the data is purged, it's purged from all places.
There are user roles available for privileged and authorized members, access to which is provided via OAuth 2.0.
Users' identities are verified whenever they access any resource.
A support ticket has to be raised to the customer support team, after which the de-provisioning of privileged credentials will be taken care of in the back-end.
The accounts with the highest privilege are authenticated and managed via OAuth 2.0, which can be used to implement secure access to confidential data.
No, roles of high privilege are allocated to a chosen few so that it doesn't break the segregation of duties.
In case of an emergency, tenants can raise a request to the customer support personnel or the key account manager. The privileged access shall be given from the back-end promptly.
Infrastructure logs are collected using AWS Audit Trail, while application-related logs are collected in our Elasticsearch server and retained in long-term cloud storage.
Yes, mutual authentication exists for strong authentication via AES 256-bit encryption.
1. Infrastructure logs are collected using AWS Audit Trail.
2. Application-related logs are collected in our Elasticsearch server and retained in long-term cloud storage.
No. Since we are a multi-tenant system, our logs contain information of all the tenants. We cannot isolate a single customer's information from our logs.
Administrative logs are part of Cloud Dashboard and are regularly reviewed.
Yes, we have multiple internet service providers for uninterrupted coverage and maximum uptime.
There are gateways in place to defer DDoS attacks.
No, historical data cannot be provided due to its confidentiality.
We don't face any downtime and keep our service uninterrupted even during upgrades and patches.
Yes, in case there's a need for a forensic investigation, we can accommodate time and make it happen.
Yes. We comply with this requirement; we follow a multi-layer application architecture to isolate database access.
Yes. We follow a defined quality change control and testing as per the Organization's policies and procedures.
Yes. We follow a data classification policy and access control policy to provide access to the individuals based on data type, value, sensitivity, and criticality to the organization.
Yes, we comply with this requirement. All data has been designated with stewardship, with assigned responsibilities defined, documented, and communicated as per the compliance requirements.
Yes. We follow an access control policy and a data protection policy to make sure that only authorized individuals have access to the required data. We also have controls such as antivirus, file integrity monitoring, and log monitoring as per the compliance requirements.