We are committed to protecting critical data and the interests of our customers.
ISO certifications are part of Extra360’s wider strategy to secure our customers’ data and minimise business risks. We regularly receive independent audits and reviews to maintain these certifications.
Data security, stable operations and compliance are our highest priorities as we develop our solutions.
Extra360 holds ISO 9001 and ISO 27001 certificates
Satisfying the highest safety requirements
We implement strict policies and procedures to ensure your business and customers are protected at all times.
- Network and Encryption security
- 24/7 assistance for critical issues
- GDPR compliance
- Regular external safety controls
- Strict privacy policies
Security built into every rollout
Secure yourself from internal and external scams and fraud. Track every engagement with your system.
- Unique identifiers on every API call and response
- Detailed permissions and user management
- SAML 2.0 Single Sign-On support
- API tester and logs
- Global and per profile limits
Global Data Security
Data privacy has evolved into a whole new world over the past few years.
Don’t keep data you don’t intend to use
01
Don’t transfer personally identifiable information (Pll) data to any vendor
02
03
Security is in everything we build
Extra360 offers the best security measures in the industry, both in terms of technology and policy, to protect our customers' data and ensure data safety
-
Dedicated Chief Information Security Officer (CISO)
Extra360's CISO is responsible for the security of the organisation's processing of personal data of its staff, customers, providers or other individuals in line with applicable data protection rules.
-
Dedicated Quality Assurance Team
Extra360 has a team dedicated to testing all updates to its software so that the end products are released without any vulnerabilities.
-
Independent Data Protection Officer (DPO)
Extra360’s independent DPO audits and ensures that the organisation processes the personal data of its staff, customers, providers or any other individuals in compliance with the applicable data protection rules.
-
GDPR compliance
Extra360's software and conduct is in full compliant with the GDPR and guarantees that customers are able to retain their right to control their data.
-
Data Leakage Precautions
To minimise the risk of accidental data leakage, we implement detailed data controls so that only necessary information is transmitted via APIs.
-
API Integrity
All APIs that transmit personal data are protected as they are sent over encrypted channels and API signatures to ensure that the information has not been altered.
-
Data encryption in transit and at a rest
To ensure the security of data in transit, each API endpoint uses an encrypted connection. Data at rest is also encrypted on MS Azure.
-
Disaster recovery and business continuity
Extra360's "Disaster Recovery Plan" outlines a playbook for every potential contingency, emergency or disaster scenario.
-
Customer Data Privacy
Extra360's in-house data security statement sets strict rules for each employee on how to manage customer data and a built-in chain of authority within the organisation.
-
Penetration tests
Our technology is subjected to an external penetration test bi-annually to ensure that our platform provides flawless protection and that no critical vulnerabilities are found.
-
Availability
We offer our customers the highest level of availability with three types of Service Level arrangements to choose from.
Responsible Disclosure
New issues and attack vectors emerge every day, and Extra360 strives to stay up-to-date with the latest security developments by collaborating with security researchers, technology community, and our customers. We acknowledge the community’s efforts to build a securer ecosystem for everyone.