Operate with the confidence of security. We are committed to keeping your data safe at rest and in transit within our cloud and mobile applications.

• Information security program
  Exo strives to achieve a high level of information protection standards and commits to the fundamental principles required for the protection of company information resources, controls to ensure compliance, and security practices required to uphold the company’s reputation with its clients.

• Information security policies
  Exo has implemented and maintains a complete set of information security policies based on international standards ISO/IEC 27001 and consistent with industry-accepted practices and security frameworks.

• Software development lifecycle (SDL) practices
  Exo’s has built a robust program to identify and mitigate software security risks during the software development lifecycle. The SDL program includes tools, security-related guidelines, and processes that help to secure platform and all applications during the development process.

• Penetration testing
  Exo’s cloud services and applications undergo ongoing penetration testing to identify areas where business risk may exist. Considering attack vectors, a highly specialized team of researchers carries out test scenarios and a process is in place to address any findings.

• Commitments to security/compliance and security at every level
  Exo is committed to protect the integrity, confidentiality, and reliability of information and information systems. Exo’s holistic approach comprises international standards, security controls from vertical markets, and regional variations. Exo helps to ensure that an organization’s fine-grained controls (specific to geography and regulatory requirements) are in place, validated, and audit-ready.
  Exo’s cloud-hosted and software solutions are built on a common infrastructure governance model based on ISO 27001.

• Continuous Monitoring and Incident Response
  Exo’s cloud-hosted environment is continuously monitored for anomalies and suspicious events. Exo’s security program is designed to handle end-to-end coordination with stakeholders for investigation, forensic analysis, notification, remediation, and close-out of any event.

• Business Continuity
  Exo’s cloud environment is designed and deployed to avoid single points of failures. Exo cloud data storage services is built on the model of high availability with multiple AZs (Availability Zones). In the event of a loss of one availability zone, the data can be replicated from the secondary zone and/or backups.

Furthermore, Exo maintains a framework to minimize the impact of business disruptive events on Exo’s business operations globally. Exo’s business continuity plans are validated on a regular basis by our third-party external audit certification (i.e., SOC2, HITRUST, and ISO27001) to ensure that solutions are viable at the time of a business disruptive event.

---

[1] The customer is responsible for the security of its own user equipment, i.e., smartphones and tablets, so it is incumbent on the user to have installed on its own device antivirus/firewall software, etc. The customer, not Exo, is responsible for the security and integrity of data that is stored locally on its own devices.