INFORMATION SECURITY

When it comes to information security and privacy, XFINITY Home holds its partners to the same high standards we hold ourselves to!

Information Security

XFINITY Home uses the same secure design and development practices as leaders in the financial and defense industries. And even after we launch a product, we continue to monitor and test it for new vulnerabilities. We monitor our infrastructure and cloud environment 24 x 7 x 365 to provide the highest level of assurance that only authorized users are accessing sensitive information and controlling our customers’ systems.

Data Privacy

The only people accessing a customer’s information should be those they have authorized … period. That’s why we have numerous, layered safeguards to keep customers and their data protected. If you are a Works With XFINITY Home partner, we’ll exchange only the data absolutely necessary to give our customers the best possible product experience.

Information Security / Agreements

We place a high amount of trust in our partners, as they also do with us, so we clearly and explicitly outline contractual expectations and obligations during the negotiation process.

 

“Building Security In” before products are even launched

Works With XFINITY Home is a mark you can be proud to display on your product. It distinguishes your company as being obsessed with providing the very best information security, data privacy, and customer experience to the connected home.

In addition to operational expectations like patching and vulnerability management, we look for our partners to employ Secure Development Lifecycle (SDLC) best practices, such as:

SECURE DESIGN

The product and development teams perform in-depth design reviews with security architects, and remediate significant defects, during the design and development process.

Code Analysis and Testing

Static, dynamic, and manual testing of source code and executable code, to proactively identify and remediate vulnerabilities prior to release.

Penetration Testing

Contracting with an unbiased, respected 3rd party firm to perform comprehensive security audits of hardware, firmware, backend infrastructure, web and mobile applications, which promotes confidence in the product’s functionality and security.