Overview
In today’s digital landscape, ensuring the security and compliance of your business operations is critical. PXME is built with robust safeguards to protect sensitive data, maintain service availability, and comply with industry standards. This overview highlights the framework, controls, and practices that PXME employs to safeguard customer data and maintain trust.
Security Objectives
PXME’s security strategy is based on industry best practices with these key goals:
Customer Trust & Protection – Safeguard privacy and confidentiality.
Availability & Continuity – Provide highly available, uninterrupted service.
Information & Service Integrity – Prevent unauthorized alterations.
Compliance with Standards – Meet and exceed regulatory and industry benchmarks.
Security Controls
Infrastructure Security
Cloud Hosting – Google Cloud Platform (GCP) and Amazon Web Services (AWS), US-based.
Uptime – GCP SLA ≥ 99.5%; AWS SLA 99.95–100%.
Audits & Certifications – SOC 2 Type 2, ISO 27001, and more.
Network & Perimeter
Multiple firewalls, deny-by-default configurations.
Regularly reviewed rulesets.
Configuration Management
Automated provisioning and scaling.
Hardened server/container baselines.
Drift detection & auto-correction (≤30 minutes).
Automated patching.
Logging
Centralized logging solution.
Security-relevant logs retained and indexed.
Restricted write-access.
Monitoring & Alerting
Automated anomaly detection (errors, abuse, attacks).
Alerts to engineers with automated mitigation (e.g., throttling).
Application Security
Web Application Defenses
Firewalls & OWASP Top 10 protections.
DDoS mitigation.
Development & Release Management
Continuous delivery with peer code reviews.
Static/dynamic code analysis.
Dedicated QA before production.
Automated rollbacks & feature gating.
Vulnerability Management
Regular scanning with industry-standard tools.
Annual penetration testing.
Threat intelligence monitoring.
Prioritized remediation.
Customer Data Protection
Data Classification
Customers responsible for capturing appropriate data.
Sensitive info (SSNs, credit cards) should not be stored unless permitted.
Tenant Separation
Logical separation via unique tenant IDs.
Continuous authorization validation.
Encryption
In transit – TLS 1.2/1.3 with ≥2048-bit keys.
At rest – AES-256 encryption.
Passwords hashed & encrypted.
Key Management
TLS keys via CDN partner.
Volume/field keys managed in hardened KMS.
Regular rotation & renewal.
Data Backup & Disaster Recovery
Redundant services across multiple zones.
Point-in-time recovery enabled.
Daily backups with 7-day retention.
WORM protections.
Recovery tools (Recycle Bin, version history).
Identity & Access Control
Product User Management
Role-based permissions and granular privileges.
Login Protections
Strong password rules (≥8 chars, complexity enforced).
Two-factor authentication (2FA) required.
Employee Access
Production Data – RBAC + Just-in-Time Access (JITA).
Customer Portals – Temporary access (max 24 hrs), logged & monitored.
Corporate Auth – MFA required; password vaults in use.
Organizational Security
Background Checks – Completed before hire.
Policy Management – Written Information Security Policy, reviewed annually.
Security Awareness – CyberSafety & phishing training on hire + annually.
Vendor Management – Third parties vetted for compliance.
Endpoint Protection – Laptops encrypted and MDM-managed.
Compliance
Sensitive Data – PCI-compliant processors handle payments (PXME does not store payment data).
Privacy – PXME does not sell personal data.
Data Retention – Retained for active users; deletions honored per regulations.
Breach Response – Investigation, containment, mitigation, and customer notification as required by law.
GDPR – Features for consent tracking and right-to-be-forgotten workflows.
FAQ
Q1: What ensures data security in the cloud?
Hosting on GCP and AWS with encryption at rest & in transit, strict access controls, and certified infrastructure.
Q2: How are backups and disaster recovery handled?
Daily backups with 7-day retention, point-in-time recovery, and redundant services across multiple zones.
Q3: How is customer data protected against unauthorized access?
Encryption, RBAC, 2FA, JITA access models, and logged activity monitoring.
Q4: How does PXME ensure compliance?
SOC 2 and ISO 27001–backed infrastructure, annual audits, policies, and data protection agreements.
Q5: What happens in the event of a breach?
PXME follows a formal breach response plan: investigation, containment, mitigation, and timely customer notifications.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article