As technology and innovation continue, so do threats and vulnerabilities. We ensure appropriate technical, physical, and administrative safeguards are employed across our companies to ensure secure storage and responsible use of personal information. Though all of our companies possess security expertise, our internal security team provides oversight across all of our companies. We carefully monitor emerging trends in malicious software to ensure our systems are updated against current threats.
Our collective customers span the globe, and we actively work to ensure our processing of personal information adheres to industry best practices and remains in compliance with local privacy regulations. We integrate information security into all organizational functions and processes across our portfolio. To maintain customer trust, we ensure all code is carefully reviewed prior to deployment and security is integrated into all levels of development.
There are a number of cybersecurity frameworks available, and we work closely with customers to ensure our products meet their needs for both business and compliance. Where appropriate, our companies receive third party audits and reviews which we share during the customer onboarding process. As a general rule, we conform to the standards listed in Cloud Security Alliance’s Consensus Assessments Initiative Questionnaire, which allows us to map our safeguards and controls to all commonly utilized frameworks such as NIST SP800-53, ISO/IEC 27000, and COBIT, as well as compliance with regulations such as GDPR, HIPAA/HITECH, COPPA, FERPA, and PIPEDA.
We understand the unique security challenges of entrepreneurs, start-ups, and SaaS companies, who all have a challenge to comply with complex regulations. With this in mind, we have built a cybersecurity repository aimed at helping SaaS companies and the customers they serve by better articulating what a SaaS business needs to do, internally and externally. We use this base security plan for our companies, update it regularly, and it is publicly available on GitHub. If you would like to use all or part of this plan for your company, please reach out to us.
Xenon publishes a semi-annual cybersecurity journal for customers and others interested in the SaaS industry. Topics include Securing Open Source Code, Hidden Costs of a Data Breach, Security Trends for 2019, among others. If you would like to receive a copy or subscription, please click here to download.