Last Updated; 25 May 2020
The Security of the Xoomibox Website
Cyber Security & Digital Resilience
At Xoomibox, we take cyber-security and digital resilience seriously. We understand that our visitors and guests always expect our services to be available and their data to be kept secure. We work hard to manage security risks and stay ahead of possible threats by maintaining focus on the following areas.
1 Secure code development
Our code is developed with OWASP Top 10 in mind and reviewed with automatic tools. We are committed to best practices for secure software development.
2 Data encryption
We use HTTPS by default, to protect information that our users transmit throughout the platform, by industry standards. Our internal policies require encryption of laptops to protect our data in case of loss or theft.
3 Availability and digital resilience
We have a high-availability solution that protects our infrastructure against Distributed Denial of Service (DDoS) attacks. Additionally, our services use a Web Application Firewall (WAF) that protects the platform from malicious activities that could compromise our data.
4 Two-Factor Authentication
We offer two‑factor authentication and strongly recommend our users use it for maximum security. We have made two‑factor authentication mandatory for all our employees to access critical business services.
5 Audits and penetration testing
We use recognized accredited third parties to perform information security audits. We perform regular penetration tests of our platform and internal networks across our offices. We also have an internal vulnerability management process with automatic scanning capabilities.
6 Third-party security
Like many businesses, we use certain third‑parties to support the services we provide to our users. We ensure that third parties are appropriately assessed in line with our security, outsourcing, and data residency policies and procedures, and reviewed regularly.
7 Incident and vulnerability reporting
We strive to implement a high standard of cyber-security and digital resilience, but incidents or vulnerabilities may occur. If you would like to report or provide feedback on any issue, please contact our technical department on email@example.com. We treat any such report or feedback as a high priority and address them as soon as possible.
8 Payment security
When you make a payment using the Xoomibox website, we use a third-party provider, Payment Gateway Providers. Payment Gateway Provider which has been audited by a PCI-certified auditor and certified to PCI Service Provider Level 1. It is the most stringent level of certification available in the payments industry. They make use of best-in-class security tools and practices to maintain a high level of security. Full details can be found here.
9 Industry collaboration
We work closely with other peers and organizations that meet industry standards to improve our cyber-security and digital resilience. We often take part in security forums, conferences, and private discussion groups to stay ahead of threats to our business.
10 Human resources security
Xoomibox employees receive security awareness training on an ongoing basis and are required to adhere to our information security procedures. Any incidents of non-compliance are dealt with by our Technical Department and our Board of Directors.