Our security systems are airtight and so far we haven't suffered any security breaches.
Yes, we have a repository of security incident information if needed for all the affected customers. This information can be accessed electronically.
We have an ELK setup in place to ensure data monitoring in the most optimal manner.
No, content monitoring and filtration is not done to detect inappropriate data flows.
Yes, only authorized personnel are allowed at points of ingress and egress, in order to isolate access to data storage and processing.
Data backups are done daily and in a secured way in AWS.
No, the backup and retention of data lies in the hands of Xoxoday. Data is stored in the event that a future need arises for looking into the database.
Yes, the data is stored in our secure database and is scrambled in transit for maximum security.
Our tenants' data is strictly confidential and is never used for testing or staging purposes.
Yes, we promptly notify the KO-CIRT for immediate counter-actions and defense mechanisms in case of confirmed security incidents.
Yes, please go through our "Information Security Management System Manual" for a complete understanding.
Our ISMP is annually reviewed and updated if required.
Please go through the links below to access our policies:
Yes, we follow all the technical guidelines for development of our code and applications that come under the Open Web Application Security Project.
Yes, we remediate and address all requirements with respect to security, contracts, and regulative purposes for customer access to data and information systems.
No, we don't provide multi-factor authentication. As of now, there are OAuth 2.0 and SAML-based tokens. A JSON-based token is available for maximum-security direct-email logins.
Yes, Xoxoday's architecture is continuously upgraded and experiences no downtime during upgrades and maintenance windows.
Yes, our event management systems merge the data sources to maintain log data within the SIEM. This helps with proper analysis and with raising alerts, if need be, in case of a contingency.
Yes, our documented security incident response plan logs, monitors, and collects relevant security event data for the purpose of investigation.
Yes, information security incidents, if any, shall be quantified in type, volume, and the impact of such incidents.
Yes, systems must be configured to log all successful and unsuccessful login attempts by accounts with privileged access. These authentication logs must be retained for a minimum of 180 days and in accordance with the Company’s records retention guidelines.
Yes, with host and network intrusion detection tools, we ensure timely detection and prompt investigation.
No, all of Xoxoday's servers are with Amazon Web Services, Singapore, and that is where the outbound traffic is routed through.
Cyber threats, if any, are managed internally by the tech team.
Yes, we have a regular audit on threats for applicability and exposure to our environment.
Yes, we update our cyber security program based on proactive or reactive threat intelligence feeds.
Xoxoday's holistic presence keeps our tech team updated with the latest news from multiple sources when it comes to any technological developments or threats.
Yes, physical segregation is done for production and non-production environments.