Do you make security incident information available to all affected customers and providers periodically through electronic methods (e.g., portals)?
Yes, we maintain a repository of security incident information that is available, if needed, to all affected customers. This information can be accessed electronically.
Are ingress and egress points, such as service areas and other points where unauthorized personnel may enter the premises, monitored, controlled and isolated from data storage and process?
Yes, only authorized personnel are allowed at points of ingress and egress, in order to isolate access to data storage and process.
Is there a provision for customer-definable backup and retention periods of data?
No, the backup and retention of data lies in the hands of Xoxoday. Data is stored in the event that a future need arises for looking into the database.
Are all identified security, contractual, and regulatory requirements for customer access contractually addressed and remediated prior to granting customers access to data, assets, and information systems?
Yes, we remediate and address all security, contractual, and regulatory requirements for customer access to data and information systems.
Is MFA (Multi-Factor Authentication) provided as an option?
No, we don’t provide multi-factor authentication. As of now, there are OAuth 2.0 and SAML-based tokens. A JSON-based token is available for maximum-security direct-email logins.
Does your security information and event management (SIEM) system merge data sources (app logs, firewall logs, IDS logs, physical access logs, etc.) for granular analysis and alerting?
Yes, our event management systems merge the data sources to maintain log data within the SIEM. This supports proper analysis and raises alerts, if need be, in case of a contingency.
Does your incident response plan comply with industry standards for legally admissible chain-of-custody management processes and controls?
Yes, systems must be configured to log all successful and unsuccessful login attempts by accounts with privileged access. These authentication logs must be retained for a minimum of 180 days and in accordance with the Company’s records retention guidelines.
Do you use file integrity (host) and network intrusion detection (IDS) tools for your SaaS solution to help facilitate timely detection, investigation by root cause analysis, and response to incidents?
Yes, with host and network intrusion detection tools, we ensure timely detection and prompt investigation.
Does your threat feed rely on input from multiple sources?
Xoxoday’s holistic presence keeps our tech team updated with the latest news from multiple sources when it comes to any technological developments or threats.