The stakes are high in today’s ever-changing landscape of information security and compliance. As the steward of your data, Daxko is responsible for its security, and it’s a duty we take very seriously.
Daxko’s guiding principle is that your data is your data, but we safeguard it. The goal is to be a good steward of what is arguably your most valuable asset, applying policies, practices, and technology to provide robust protection for your data and doing everything we can to deliver a stable environment with business continuity.
For us, this is about more than just protecting your data when it’s part of the Daxko application. Data security is part of Daxko’s culture and corporate practices spanning product design and incident response. Secure design principles drive the team’s engineering processes and inform Daxko’s system architecture.
Here are some of the ways Daxko approaches data security, and how it informs the team's design process and organization.
Information Security Governance
Daxko approaches Information Security with policies, practices, and organizational units that protect your sensitive information and the applications that use it, all while minimizing security-related disruptions.
It all starts with information security governance policies. Daxko’s information security governance policies ensure your data is securely transmitted, managed, and stored. The team defines and enforces policies surrounding:
- Acceptable use
- Systems logging
- Employee equipment
- Third-party vendor reviews
- Employee roles and responsibilities
These policies also support the integrity of production changes. If not strictly managed, such changes can be a significant source of risk exposure (e.g., granting users authorization to release new code into production). All production changes must be subject to policies like least privilege access and separation of duties (SoD).
Information Risk Management & Compliance
Navigating the intricate web of compliance laws and regulations can be overwhelming, especially when it comes to maintaining compliance with standards like PCI-DSS, SOC 1 Type II Rules, and privacy laws like the California Consumer Privacy Act (CCPA). That’s where we step in to alleviate some of that burden. Daxko’s compliance frameworks are designed to establish robust security measures and safeguard your data while maintaining compliance.
PCI-DSS is a set of security standards established by major payment card brands designed to protect cardholder data and ensure secure transactions. Daxko undergoes an annual Third-Party Assessor Review to ensure compliance and safeguard your members’ data.
SOC 1 Type II compliance is important for any organization that handles financial transactions and relies on accurate financial reporting. It ensures your financial controls and data integrity are reliable. Daxko’s software passes a SOC 1 Type II audit so stakeholders can be confident proper controls are in place to mitigate financial risks.
Daxko’s Software System Security Architecture
Daxko uses security design principles to build security into every product. The team always proceeds from the concept of least privilege access in software design.
Core elements of Daxko’s security architecture include:
- Building in durable, detailed logging from Daxko’s systems
- Conducting data validation (e.g., to detect cross-site scripting injection attacks)
- Designing security into Daxko’s network architecture (e.g., with segmentation)
- Applying security design principles after identifying sensitive data that requires encryption
- Keeping up with the latest secure development practices
- Monitoring security feeds for new zero-day threats
- Implementing these principles in numerous practical workflows (e.g., patching)
Information Security Program Development & Management
Daxko runs an information security program to give you the peace of mind that comes with knowing your data is protected. The program includes continuous education for the team about industry trends, best practices for dealing with emergency threats and technological advances like artificial intelligence (AI), and how we can use technology to scale Daxko’s data security.
Everything Daxko does is guided by risk-based prioritization and the potential business impact of a given threat. Following this approach allows us to mitigate the most serious nonprofit data security risks.
Daxko’s information security program is rooted in partnership between the technology teams and organizations like yours. This collaboration helps us embrace technologies like containers, which enable desired software characteristics and security benefits.
Information Security Incident Management
Information security incidents will occur. That’s a fact of life in today’s cyber threat environment. Daxko’s goal is to quickly resolve those security incidents, doing as much as possible to minimize their impact on your organization.
The first, and arguably most important, step in security incident response is to be aware that there has, in fact, been an incident. False positives are a problem, but so are stealth attacks that go undetected. We strive to avoid both scenarios by working with an external managed detection and response (MDR) provider that monitors Daxko’s infrastructure and application for intrusions on a 24/7 basis.
When there’s an incident, the team follows industry best practices for containing threats and escalating the incident when required. This includes notifying customers and legal authorities as necessary. Daxko’s incident response processes also incorporate strategies for mitigating the impact of attacks and reducing the likelihood of similar attacks in the future.
Daxko’s Data Stewardship
You own your data. We serve as its stewards and help you use it to make data-driven decisions. These are bedrock principles for us.
This means you have control over your data and Daxko makes it easy to access it whenever you want. You can access exportable data through the reports provided within each product, typically in .pdf and .csv format. These reports help you understand the story your data is telling so you can spend more time watching trends and less pulling reports.
Daxko Dashboards provide an interactive view of the data you check every day. You’ll know how your units, members, and account entries are changing with the touch of a button.
Trend reporting empowers your team to track and visualize your organization’s trends. Take the pulse of your organization’s health and gauge how you’re tracking over time with peer-to-peer comparisons.
In addition to these standard reports, Daxko also offers enhanced reporting options for some products should you need more flexibility from your data set.
Your data is your most valuable asset and protecting it is foundational to Daxko's culture and corporate practices. Working together, we can deliver a reliable, secure service that supports your organization.
Want to Dive Deeper Into Daxko’s Data Security?
Learn more about how Daxko approaches data security by downloading a free copy of Data Security at Daxko.
This paper discusses the many ways we go about protecting your data from threats. It covers specific countermeasures, as well as how we build security into the product development process and Daxko itself. We also address the best practices you should employ to protect your data.