worxogo Security Policy
worxogo (an ISO 27001 Certified Company) is committed to maintaining the highest standards of Data Security.
• Data and user credentials are encrypted with the best-in-class encryption algorithms. Data is transferred seamlessly and securely from your application landscape into the worxogo applications.
• Your application instance is completely isolated from all other instances.
• Adoption of standard best practices for coding, testing and deployment into our software development culture, delivering a reliable, secure product to you.
• Our networks and servers are segregated for Development and Production Environments and monitored 24×7.
• Network Intrusion Detection & Prevention, Distributed Denial of Service ensure all network security threats are mitigated.
• Regular checks on security vulnerabilities on the network ensure that risks are detected and eliminated immediately.
• We have a zero trust approach on network and application security – including user access through a restricted set of network ports.
• Your application is installed on AWS or Azure virtual machines provided with state of the art firewall protection and access control mechanisms. They are monitored 24×7 at our development centers.
• All client deployments are done on a single tenant basis on any of the private clouds such as AWS and Azure.
• Access to our machines is controlled through an approval process – which means that all access is monitored as well as authenticated.
• We are ISO 27001:2013 certified. Our Cloud Services Providers – Amazon Web Services and Microsoft Azure are SOC 1 and SOC 2 Compliant.
• No information is collected about your customers or your transaction processing in any of the worxogo platforms. Your data is placed in a secure SFTP server in required format for our automated intregration framework to pull the data periodically. Hence, there is no data entry into the worxogo app (as all the data already exists within your systems).
• AES 256 bit key based standards are used to encrypt your data. The data is both encrypted in-transit & in-database.
• You can specify when you want to leave and how you want us to handle your data when you leave.
• Your data will never be used for marketing or advertising purposes.
Low Risk Data
• No information about your customers is ever used by worxogo.
• No transaction level details are ever used by worxogo.
• worxogo uses minimal employee identifiers, and their performance aggregates. There is no data entry into the worxogo app (as all the data already exists within your systems).
• Your data is typically placed in a secure SFTP server in required format for our automated intregration framework to pull the data periodically. This data is encrypted in-transit, as well as in the destination database.