1. Security Overview
We take information security very seriously and use information security best practices across the entire stack, from infrastructure to code, to ensure that your data is as safe as possible.
2. Product Overview
Xylene provides transparency solutions for supply chain management, customer engagement and easier compliance. Companies in various industries already trust Xylene to monitor and manage their supply chain, achieving transparency while maintaining data confidentiality.
The Xylene App works like this:
- Industries sign up on Xylene and invite their suppliers to join the platform.
- All users can share data and documents, which will be encrypted in our secure data center hosted on AWS.
- Thanks to our role and permissions system, every piece of information can be classified as Private, Protected or Public, ensuring that only those who are authorised can access it.
3. Security Training / Policy
Our employees are required to conduct themselves in a manner consistent with the company’s guidelines, including those regarding confidentiality, business ethics, appropriate usage, and professional standards. All newly hired employees are required to sign confidentiality agreements and to acknowledge the Xylene code of conduct policy. The code outlines the company’s expectation that every employee will conduct business lawfully, ethically, with integrity, and with respect for each other and the company’s users, partners, and competitors. Processes and procedures are in place to address employees who are on-boarded and off-boarded from the company.
Employees are provided with security training as part of new hire orientation.
4. Data Center (AWS)
Xylene’s servers, applications, datastores and services are hosted on the AWS (Amazon Web Services) platform in facilities compliant with leading security standards, including PCI DSS Level 1, ISO 27001, ISO 27018, ISO 9001, SOC 1, SOC 2, SOC 3 and many more. For more details, please see the AWS compliance programs and the AWS Security Whitepaper.
5. Certifications and Standards
ISO 27001 – Our data center (AWS) and payment providers are all ISO 27001 compliant.
SOC 2 – Our data center (AWS) is SOC 2 compliant.
PCI – We use Stripe as our payment service provider, which is certified as a PCI Level 1 Service Provider. This is the most stringent level of certification available in the payments industry. Our data center, identity management and payment providers are all PCI DSS Level 1 certified.
General Data Protection Regulation (GDPR)
We are GDPR compliant. The General Data Protection Regulation (GDPR) is a wide-ranging European Union (EU) regulation designed to protect the privacy of individuals in the EU. We give users control over how their personal data is processed, including how it’s collected, stored and used.