Plum is GDPR compliant. At Xoxoday, we ensure that the data is gathered, stored, and handled with respect to individual rights. We have raised awareness among our employees and other stakeholders on how to handle the data appropriately. Our employees understand the importance of GDPR and information security.
Xoxoday has an information security policy that is published and communicated to all suppliers and employees (including contractors and other relevant external parties).
Xoxoday has ensured that its information security policies establish the direction of the organization and align with leading practices (e.g., ISO-27001, ISO-22307, COBIT) and with regulatory, federal/state, and international laws where applicable.
Yes, at Xoxoday, we have a formal disciplinary or sanction policy established for employees who have violated security policies and controls. Employees are made aware of what action might be taken in the event of a violation, and this is stated in the policies and controls. A detailed disciplinary process and policy are also in place.
At Xoxoday, we use JIRA for project management; abiding by the information security policy is mandatory and has been followed in all projects.
Every code change is reviewed by the tech lead or architect responsible for the project.
During the review process, the reviewer is responsible for identifying possible security issues.
Yes, Xoxoday has a mobile device policy. The policy takes into account the risks of working with mobile devices in unprotected environments, the controls to be implemented to protect data transmitted to or stored on the mobile device, and much more.
Yes, at Xoxoday, we do have an 'Information Security Policy' in place.
Information classification is included in the organization's processes and is consistent and coherent across the organization. Results of classification indicate the value of assets depending on their sensitivity and criticality to the organization, e.g. in terms of confidentiality, integrity, and availability. Results of classification are updated in accordance with changes in their value, sensitivity, and criticality through their life-cycle.
Formal procedures for the secure disposal of media are also established to minimize the risk of confidential information leakage to unauthorized persons. The procedures for the secure disposal of media containing confidential information are proportional to the sensitivity of that information.
Yes, we do have an 'Information Security Policy' in place and formal procedures for the secure disposal of media are established to minimize the risk of confidential information leakage to unauthorized persons. The procedures for the secure disposal of media containing confidential information are proportional to the sensitivity of that information.
Our application has role-based access controls and the menu's screens are made accessible accordingly.
AES 256-bit encryption for PI data. SHA256 with a unique salt for hashing passwords.
Yes, Xoxoday does have a tested Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP). The data would be stored at AWS Singapore.
During security audit/VAPT review, these incidents are identified.
Yes, this process is widely communicated to all the employees and stakeholders.
Yes, at Xoxoday, we conduct quarterly VAPT.
Yes, at Xoxoday, we perform quarterly VAPT and have static code analysis via SonarQube.
Policies, procedures, and standards have been established and maintained to protect information and physical media in transit, and are referenced in such transfer agreements.
Also, there is a clause on securing business information and protecting confidential information in the NDAs signed by the external parties.
As part of the ISO audit, the IS systems audit is also covered, and yes, the audit process ensures that business disruption is minimized.
We have a quarterly VAPT performed on the entire application by a third-party security auditor.
At Xoxoday, we ensure that the data is gathered, stored, and handled with respect to individual rights. We have raised awareness among our employees and other stakeholders on how to handle the data appropriately. Our employees understand the importance of GDPR and information security. Our controls are placed based on the data protection impact assessment (DPIA). All the personal data is encrypted on Xoxoday.
We may use the information we collect from you when you register, make a purchase, sign up for our newsletter, respond to a survey or marketing communication, surf the website, or use certain other site features in the following ways:
To personalize your experience and to allow us to deliver the type of content and product offerings in which you are most interested.
To improve our website in order to better serve you.
To allow us to better service you in responding to your customer service requests.
To ask for ratings and reviews of services or products.
To follow up with you after correspondence (live chat, email, or phone inquiries).