Last Updated: 18th July, 2022
Security at xto10x
1. Application Security
PeopleCues from xto10x uses AWS infrastructure for staging and production environments, which are clearly separated and are behind a Virtual Private Cloud (VPC). Access to the infrastructure elements is through VPN and uses multi-factor authentication. Access to the infrastructure is logged for audits. Automated infrastructure audits are in place through certified tools (https://pingsafe.com/), and alerts are raised when new vulnerabilities are discovered. Such alerts are classified rigorously and addressed within strict SLAs.
2. Data storage and security
Only engineers who require it for their jobs have access to the data infrastructure. Data is encrypted at rest using 256-bit encryption. No xto10x engineers access customer data unless required to for support purposes, and they do so with express permission.
3. Data exchange
All data transferred between clients and the servers is encrypted using the TLS 1.2 protocol.
4. Business Continuity
Redundant copies of data are maintained across data centers, and the worst-case recovery time in the event of a disruption to the primary infrastructure is under 2 hours from detection time.
5. Ongoing security vigil
All major releases undergo thorough penetration testing by our external security partner, Appsecure. Designs, code and our threat models are shared with the partner (under NDA) in order to detect and close vulnerabilities. The assessment includes detection of the OWASP Top 10 vulnerabilities, among others. All new code or changes to existing code are peer-reviewed. Champions identified within the team act as gatekeepers for the security of the application.
6. Unanswered questions?
Security is an ongoing endeavour and can never be fully considered "done". We appreciate and welcome responsible efforts to detect vulnerabilities in our software. If you are aware of vulnerabilities or have any questions regarding our security policy, please reach out to us at security@xto10x.com. We promise to respond to you in under two business days.