Introduction to Arc XP Security
Welcome to Arc XP. Our mission is to empower you to deliver world-class storytelling and transformational user experiences while maintaining the highest standards of security. We understand that in today's fast-paced digital world, the ability to engage customers through compelling content and experiences is critical to success.
The Arc XP platform is designed to enable your organization to create and deliver innovative digital experiences that capture the attention of your audiences and drive business results. We provide the tools and resources needed to build immersive, interactive, and personalized content that meets the unique needs of the largest media brands and enterprises.
We understand that your data is your most valuable asset, and we are committed to protecting it. Our mission is to provide a safe and secure environment, so you can focus on growing your business with confidence. Our platform is designed with built-in security features that help you to secure your data and manage access to your content. We take a proactive approach to security, continuously monitoring our platform for potential threats and vulnerabilities. Our team of security experts works tirelessly to ensure that your data is protected from unauthorized access, theft, and other malicious activities.
We believe that security is a shared responsibility, which is why we provide you with the resources you need to help keep your data safe. We are committed to delivering a platform that is easy to use, scalable, and flexible, so you can focus on your core business while we take care of the technology. We know that a secure and reliable platform enables you to achieve your business objectives, whether that's increasing engagement, driving conversions, or building brand awareness, while maintaining the highest standards of security.
Platform Security
Arc XP has invested in a programmatic approach to platform security, including developer training, threat modeling, code and design reviews, code scanning, infrastructure assessment and scanning, and third-party vulnerability assessments.
In addition to these activities, Arc XP's platform is built on security best practices, which align with our ISO 27001 compliance requirements. These practices include data encryption in transit and at rest using AWS platform-provided encryption and key management. Platform authentication is enforced through security industry leader, Okta, and access to all product resources and assets is enforced through SSO and MFA. AWS VPC and other network security features are used for logical separation and network segregation.
Arc XP regularly reviews least privilege and attack surface reduction principles, and active instances' security profiles are controlled by secured and centrally managed AMIs to reduce the risk of persistent attacks. Internet-exposed resources are tightly controlled and protected by Akamai CDN and WAF for best-in-class protection from web-based attacks. AWS platform-provided security services are used to identify and remediate infrastructure issues, detecting threats in real-time using best-in-class machine learning techniques.
Compliance
The Arc XP platform is built, maintained, and operated to comply with the following standards and regulatory regimes:
GDPR
CCPA
ISO 27001
PCI
ISO 27001 is a globally recognized standard for information security management systems (ISMS) developed by the International Organization for Standardization (ISO). The standard provides a systematic approach for managing and protecting sensitive information, including data confidentiality, integrity, and availability.
Arc XP has adopted ISO 27001 as part of our commitment to implementing, maintaining, and improving security controls, ensuring that we protect our customers' data to the best of our ability. ISO 27001 compliance serves as the overall framework, arching over the various components of our security program.
The Arc XP platform can process card payments using our Subscriptions and Commerce features. These components allow you to set up paywalls for your content or create an eCommerce experience for any products you offer to your customers. In each of these cases, we make it easy to connect to the payment provider of your choice. At no point does Arc XP process or store PAN data, as this functionality is always performed by the third-party payment processor. As a result, Arc XP is a Security Impacting System for your PCI compliance scope, and we self-attest as a Level 2 Service Provider. When you choose to use Subscriptions and Sales features, you own the financial relationship with your customers, and any possible fraud related risks.
Shared Responsibility Model
As an Arc XP customer, you build and configure digital experience on the platform. We are in partnership with you, and we share responsibility for the security of your site, end users, and sensitive data.
It is important to understand your security responsibilities so that you can take appropriate measures to protect your website and data. A clear shared responsibility model, as described in The Arc XP Shared Responsibility Model, helps ensure that we are aligned and working together to keep your websites and data secure.
Conclusion
Arc XP provides its customers with the tools and resources they need to create and deliver innovative digital experiences while maintaining the highest standards of security. The platform is built with a programmatic approach to security, aligning with industry best practices and compliance requirements, such as ISO 27001, GDPR, CCPA, and PCI.
We take a proactive approach to security, continuously monitoring its platform for potential threats and vulnerabilities. The Arc XP platform follows a shared responsibility model, where customers are responsible for securing their application code and configuration, while Arc XP is responsible for the security of the platform. With these measures in place, you can focus on growing your businesses with confidence, knowing that your data is protected by a secure and reliable platform.