TRUSTe

Security Overview

Xactly understands that the confidentiality, integrity, and availability of our customers’ information are vital to their business operations and therefore to our success. We use a multi-layered approach to protect that key information, constantly monitoring and improving our applications, systems, and processes to meet the changing demands and challenges of security.

Secure Data Centers

Our service is collocated in dedicated secure cages in top-tier data centers. These facilities provide carrier-level support, including:

Security Notice

Xactly uses the most advanced Internet security available today to ensure the security of customer information. Whenever a user accesses Xactly Incent, a secure HTTP connection is established leveraging Secure Socket Layer/Transport Layer Security (SSL/TLS) technology. This technology enables Xactly to ensure that customer information is safe, secure, and only available to registered users.

All Xactly Incent users have a unique user name and password that is enforced with strict rules regarding password length, reuse, and more. Additionally, since a limited number of users, typically compensation analysts, enter company data, Xactly offers an optional feature to lock their access to specific IP addresses.

The Xactly hosted environment is secured in Tier IV data center facilities managed by a world-class Managed Services Provider. Security at these facilities is guided by a “defense-in-depth” security strategy using layers of integrated and redundant security measures.

Threats

Users of online services are potential targets for attempts to steal login credentials and other sensitive information. These threats include scam emails (phishing and malware) and phone calls (or other social engineering techniques) attempting to gather information that can be used to gain unauthorized access or privileged knowledge.

Xactly does not require the use of Java running within a user’s browser. Information regarding risks related to Java running within a user’s browser can be found at: www.kb.cert.org/vuls/id/625617

Best Practices

Administrators – Protect Your Company

Implement IP Restrictions in Xactly Incent

A great tool for protecting your applications is restricting login to those IP addresses that you specifically approve.To restrict IP addresses, click Setup > Users > User Information, and enter the appropriate address in the IP address field. When enabled, the specified user can only log into the Xactly Incent application using the specified IP address.

To notify Xactly about your primary administrative/security contact, contact Xactly Support.

To notify Xactly about your primary administrative/security contact, contact Xactly Support.

accordion togglechevrongearslockmonitornew-tabshield_1status_information_available_outlinestatus_information_available_solidstatus_online_outlinestatus_online_solidstatus_service_disruption_outlinestatus_service_disruption_solidmaintenance_outlinemaintenance_solidXTY17632 - Trust UX Icons @x2 v1warning_outlinewarning_solid