Security is one of xSellco's primary concerns as it is an essential component to our stable, reliable eCommerce platform. Our applications and infrastructure are built to meet ISO 27001 security standards while adhering to the standards required by our customers.
There are several different aspects in place to ensure our platform is hosted in a robust and secure manner:
• Our platform is fully deployed on AWS Cloud which is certified to ISO 27001, ISO 27017 and ISO 27018 (more details can be seen here https://aws.amazon.com/security/)
• Custom developed Security and Navigation Framework which covers authentication, authorisation, entity level security and zone access within the application.
• Applications are hosted in secure server environments which are hardened according to industry standard benchmark requirements.
• Network access is controlled through the use of firewalls and other industry standard technology to prevent interference or access from outside intruders.
• All information is transferred over secure encrypted channels only.
• xSellco utilises a 3rd party security company to perform penetration tests on both their infrastructure and applications every quarter.
• xSellco’s use of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.
• xSellco implements access controls based on job function and role, using the concepts of least-privilege and need-to-know to match access privileges to defined responsibilities. Strictly subject to Client permission on a per incident basis, xSellco support staff may access the Client account for the sole purpose of assisting the Client with resolving a support issue. All xSellco staff are subject to contractual obligations of confidentiality and undertake regular training.
If you believe that you have found a vulnerability with our platform and wish to report this to us, please email vulnerabilities@xsellco.com with evidence of the vulnerability and steps on how to reproduce it.