Policy and Process
Xyte has a full software development lifecycle to propose and approve changes at the product management level. The implementation of these changes is specified, and all source code is reviewed. Source code is kept in a version control system (VCS). Both the completion of the code review and the identity of the code reviewer are recorded in the VCS.
Xyte has incident response policies with dedicated support and DevOps teams monitoring our cloud services. External penetration tests are also performed at regular intervals. Product security risks are catalogued in a secure area of Xyte’s task/defect management system.
Xyte's service is hosted on AWS and has a number of alerts and other monitoring agents in place for issue notifications. These services also log all activity, and an audit log is available for end-users to monitor their account and device activity.