Q: What incident management and reporting protocols are followed?
Xoxoday follows a structured incident management process aligned with enterprise-grade SLAs and global standards. In the event of a security incident:
Clients are notified within 24 hours.
A comprehensive incident report is provided shortly after, detailing the root cause, impact, resolution timeline, and corrective actions.
All incidents are logged in a centralized system and reviewed periodically to ensure accountability, transparency, and continuous improvement.
This ensures complete alignment with any organization’s incident escalation protocols and audit requirements.
Q: What are your disaster recovery protocols and how is data restored?
Xoxoday maintains a robust Disaster Recovery (DR) strategy hosted on Amazon Web Services (AWS) to ensure business continuity. By leveraging geographically distributed data centers and real-time replication, we minimize downtime and ensure rapid recovery during system failures or natural disasters.
Disaster Recovery Protocols
Automated Backups: We perform regular incremental and full backups, storing them in multiple secure locations to prevent data loss.
Multi-Region Redundancy: Data is continuously replicated across multiple AWS Availability Zones to ensure resilience.
Automated Failover: In the event of a primary system failure, services automatically switch to secondary backup instances to maintain uptime.
Regular Testing: We conduct periodic DR drills and simulations to validate the efficiency of our recovery workflows.
Data Restoration Process
Point-in-Time Recovery: Granular restore options allow us to recover data to specific timestamps, ensuring minimal data loss.
Rapid Restoration: Encrypted backups are restored from secondary storage within a predefined Recovery Time Objective (RTO).
Continuous Monitoring: Real-time monitoring tools detect failures immediately and trigger automated recovery workflows.
Secure Access: The restoration process is strictly controlled via Role-Based Access Control (RBAC), allowing only authorized administrators to initiate recovery.
Q: What is the threshold and protocols to notify the customer when disaster recovery protocols are triggered?
Xoxoday follows a proactive notification framework to ensure transparency during system incidents. We provide real-time updates based on specific severity thresholds to keep customers informed throughout the recovery process.
Thresholds for Triggering Notifications
Service Downtime: Internal investigations are triggered if system downtime exceeds 1 minute.
Infrastructure Failure: Failover to secondary regions is automatically initiated during Multi-AZ (Availability Zone) failures or AWS outages.
Data Integrity Risks: Any anomaly indicating potential data corruption activates immediate backup validation.
Performance Degradation: Automated recovery workflows are engaged if system latency or failure rates exceed operational baselines.
Customer Notification Protocols
Immediate Alerts: Customers receive real-time notifications via email, SMS, or in-app alerts when DR protocols are activated.
Status Page: Live tracking of service availability and restoration progress is provided on our dedicated Status Page.
Support Outreach: For high-priority incidents, the Xoxoday support team conducts direct outreach to provide personalized updates.
Incident Reports: Upon service restoration, we share a detailed report outlining the root cause, resolution steps, and preventive measures.
Enterprise Customization: Enterprise customers can define custom SLAs and notification preferences based on severity levels.
Q: Is there a mechanism in place for real-time security alert monitoring? Will our organization receive incident alerts, or only Xoxoday?
Yes, Xoxoday provides comprehensive security event monitoring. In case of an incident, Xoxoday’s internal teams receive alerts and will notify your organization within 24 hours as part of the standard incident response protocol.
Q: How do you protect yourself and the solutions and services that I purchase from you from denial-of-service attacks?
Xoxoday is safeguarded against denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks using a multi-layered defense architecture:
Web Application Firewall (WAF) with rate limiting to automatically block or throttle abusive requests from IPs exhibiting suspicious behavior.
Cloudflare-based WAF and Threat Intelligence to detect and mitigate advanced DDoS threats across our application and APIs.
Perimeter Security with AWS GuardDuty for real-time threat detection and alerts.
High Availability Infrastructure with multi-AZ deployments, auto-scaling, and containerized architecture to absorb traffic surges and maintain uptime.
This layered approach ensures system resilience, even under large-scale attacks.