XILO | Security

Certified

In Progress

SOC 2

Service Organization Controls (Soc2) (Type II) Trust Services Principles

Security Features

Data and privacy

View All

Product security

View All

Internal security procedures

Vulnerabilities scanned and remediated

Vendor management program established

Service description communicated

Third-party agreements established

Risk management program established

Risks assessments performed

Risk assessment objectives specified

External support resources available

Company commitments externally communicated

Data center access reviewed

Physical access processes established

Incident management procedures followed

Incident response policies established

Access requests required

System changes communicated

Incident response plan tested

Support system available

Security policies established and reviewed

Board meetings conducted

Roles and responsibilities specified

Organization structure documented

Management roles and responsibilities defined

System changes externally communicated

Backup processes established

Board expertise developed

Board charter documented

SOC 2 - System Description

Board oversight briefings conducted

Whistleblower policy established

Development lifecycle established

Production deployment access restricted

Change management procedures enforced

Cybersecurity insurance maintained

Configuration management system established

Continuity and disaster recovery plans tested

Continuity and Disaster Recovery plans established

View All

Organizational security

View All

Password and Credential Storage

Intercom enforces a password complexity standard and credentials are stored using a PBKDF function (bcrypt).

Development lifecycle established

Continuity and disaster recovery plans tested

Audit Logging

View All

Auditor

Prescient Assurance

Website

prescientsecurity.com

Email Address

auditor@prescientsecurity.com

Phone Number

1 646-209-7319

Address

1100 Market Street Suite 600 Chattanooga, TN 37402

Certified

In Progress

GDPR

General Data Protection Regulation

Security Features

SSO & 2FA

SAML Single Sign-on (SSO) allows you to authenticate users in your own systems without requiring them to enter additional login credentials. If you’re using password-based authentication, you can turn on 2-factor authentication (2FA).

View All

Permissions

We enable permission levels within the app to be set for your teammates. Permissions can be set to include app settings, billing, user data or the ability to send or edit messages.

View All

Data and privacy

View All

Auditor

Prescient Assurance

Website

prescientsecurity.com

Email Address

auditor@prescientsecurity.com

Phone Number

1 646-209-7319

Address

1100 Market Street Suite 600 Chattanooga, TN 37402

‍

Customer data deleted upon leaving

Data retention procedures established

Data classification policy established

Vulnerabilities scanned and remediated

Vendor management program established

Service description communicated

Third-party agreements established

Risk management program established

Risks assessments performed

Risk assessment objectives specified

External support resources available

Company commitments externally communicated

Data center access reviewed

Physical access processes established

Incident management procedures followed

Incident response policies established

Access requests required

System changes communicated

Incident response plan tested

Support system available

Security policies established and reviewed

Board meetings conducted

Roles and responsibilities specified

Organization structure documented

Management roles and responsibilities defined

System changes externally communicated

Backup processes established

Board expertise developed

Board charter documented

SOC 2 - System Description

Board oversight briefings conducted

Whistleblower policy established

Development lifecycle established

Production deployment access restricted

Change management procedures enforced

Cybersecurity insurance maintained

Configuration management system established

Continuity and disaster recovery plans tested

Control self-assessments conducted

Penetration testing performed

Data transmission encrypted

Continuity and Disaster Recovery plans established

Data encryption utilized

Vulnerability and system monitoring procedures established

Security awareness training implemented

Visitor procedures enforced

MDM system utilized

Confidentiality Agreement acknowledged by employees

Code of Conduct acknowledged by employees and enforced

Password policy enforced

Confidentiality Agreement acknowledged by contractors

Performance evaluations conducted

Asset disposal procedures utilized

Production inventory maintained

Code of Conduct acknowledged by contractors

Employee background checks performed

Portable media encrypted

Anti-malware technology utilized

Production OS access restricted

Service infrastructure maintained

Network and system hardening standards maintained

Network firewalls utilized

Network firewalls reviewed

Network segmentation implemented

Log management utilized

Infrastructure performance monitored

Remote access encrypted enforced

Remote access MFA enforced

Intrusion detection system utilized

Unique network system authentication enforced

Access revoked upon termination

Production database access restricted

Production network access restricted

Firewall access restricted

Access control procedures established

Production application access restricted

Unique account authentication enforced

Encryption key access restricted

Unique production database authentication enforced

Development lifecycle established

Continuity and disaster recovery plans tested

Role-Based Access Control

Audit Logging

Customer data deleted upon leaving

Data retention procedures established

Data classification policy established

Vulnerabilities scanned and remediated

Vendor management program established

Service description communicated

Third-party agreements established

Risk management program established

Risks assessments performed

Risk assessment objectives specified

External support resources available

Company commitments externally communicated

Data center access reviewed

Physical access processes established

Incident management procedures followed

Incident response policies established

Access requests required

System changes communicated

Incident response plan tested

Support system available

Security policies established and reviewed

Board meetings conducted

Roles and responsibilities specified

Organization structure documented

Management roles and responsibilities defined

System changes externally communicated

Backup processes established

Board expertise developed

Board charter documented

SOC 2 - System Description

Board oversight briefings conducted

Whistleblower policy established

Development lifecycle established

Production deployment access restricted

Change management procedures enforced

Cybersecurity insurance maintained

Configuration management system established

Continuity and disaster recovery plans tested

Control self-assessments conducted

Penetration testing performed

Data transmission encrypted

Continuity and Disaster Recovery plans established

Data encryption utilized

Vulnerability and system monitoring procedures established

Security awareness training implemented

Visitor procedures enforced

MDM system utilized

Confidentiality Agreement acknowledged by employees

Code of Conduct acknowledged by employees and enforced

Password policy enforced

Confidentiality Agreement acknowledged by contractors

Performance evaluations conducted

Asset disposal procedures utilized

Production inventory maintained

Code of Conduct acknowledged by contractors

Employee background checks performed

Portable media encrypted

Anti-malware technology utilized

Production OS access restricted

Service infrastructure maintained

Network and system hardening standards maintained

Network firewalls utilized

Network firewalls reviewed

Network segmentation implemented

Log management utilized

Infrastructure performance monitored

Remote access encrypted enforced

Remote access MFA enforced

Intrusion detection system utilized

Unique network system authentication enforced

Access revoked upon termination

Production database access restricted

Production network access restricted

Firewall access restricted

Access control procedures established

Production application access restricted

Unique account authentication enforced

Encryption key access restricted

Unique production database authentication enforced

Development lifecycle established

Continuity and disaster recovery plans tested

Role-Based Access Control

Audit Logging

XILO's Security

SOC 2

Security Features

Data and privacy

Product security

Internal security procedures

Organizational security

Password and Credential Storage

Auditor

GDPR

Security Features

SSO & 2FA

Permissions

Data and privacy

Auditor

Security questions?