GXS Security

Security Overview

Introduction

GXS employs a number of mechanisms for providing security and accountability for its commercially available offerings. These mechanisms furnish the means to repel intruders, track suspected intruders, and perform audits. GXS has a large network and must ensure that customer networks are properly isolated from one another, that clients may connect to GXS offerings securely in a variety of ways, and that GXS's own networks are secured.

Network Architecture

GXS has designed its commercial network with two tiers of interconnectivity. The first tier provides the access points to other GXS facilities and GXS clients. Filters control access, allowing customers access only to GXS business offerings. The second tier provides access to the various GXS business offerings. Access controls protect the supported software, rejecting all other network connectivity.

Internet Access

Authentication and strong encryption are supported for GXS's business offerings on the Internet. These business offerings are protected by such methods as Secure Sockets Layer (SSL) and S/MIME. SSL provides an encrypted session for secure HTTP and secure FTP document transfer. S/MIME provides payload encryption for our AS2 connectivity option.

GXS supports X.509 certificates issued by Verisign and Digital Signature Trust. In addition, GXS is a registration authority for certificates used in exchange with our applications. Since the data is encrypted and signed, the data cannot be compromised while in transit without alerting GXS.

All Internet connections occur through a commercial firewall. The system logs all connections to the firewalls and allows access only to these systems. Access to all commercial systems is audited.

Internal Audits

We employ both internal and external auditors. Internally, Systems Integrity personnel attempt to access certain key system resources to ensure that systems are secure and that personnel are following sound security practices and policies.

External Audits

A prominent CPA firm conducts a major external audit approximately every two years. This firm inspects and evaluates the security of the total organization in light of the security policies and procedures, and evaluates the security policies and procedures themselves. The auditor produces a "service auditor report" (SAS-70) describing the extent to which security procedures implement the spirit of the policies and procedures. This report is available to you and to your auditors in lieu of your own on-site audits, since client personnel may not conduct audits.

GXS Privacy Policy

GXS, Inc. ("GXS"), is sensitive to privacy issues on the Internet. We believe it is important you know how we treat the information about you we receive on the Internet. In general, you can visit GXS on the World Wide Web without telling us who you are or revealing any information about yourself. This site, however, is not intended for persons under 13 years of age. Our web servers collect the domain names, not the e-mail addresses, of visitors. This information is aggregated to measure the number of visits, average time spent on the site, pages viewed, etc. GXS uses this information to measure the use of our site and to improve the content of our site.

There are times, however, when we may need information from you, such as your name and address. When information is needed, we will try to let you know, at the time of collection, how we will use the personal information. Usually, the personal information we collect is used only by us to respond to your inquiry, process an order or allow you to access specific account information.

Occasionally, we may make the e-mail addresses of those who provide information available to other reputable organizations whose products or services we think you may find interesting. In these cases, you will be offered an opportunity to limit access to your information.

If you register with GXS on-line, we may use this information to provide you with custom information about GXS's offering in support of your business needs. A technology called cookies may be used to provide you with tailored information. A cookie is a tiny element of data that a web site can send to your browser, which may then be stored on your hard drive so we can recognize you when you return. You may set your browser to notify you when you receive a cookie.

At times we conduct on-line surveys to better understand the needs and profile of our visitors. When we conduct a survey, we will try to let you know how we will use the information at the time we collect information from you on the Internet.

GXS's Web site may contain links to other sites such as GXS distributors and sales affiliates. While we try to link only to sites that share our high standards and respect for privacy, we are not responsible for the content or the privacy practices employed by other sites.

Use of IP Addresses

The GXS Web site logs IP addresses (or domain names), but not the e-mail addresses, of visitors. This information is aggregated and logged, and used to measure statistical information about usage of the site, including but not limited to the total number of visits, average time spent on the site, and pages viewed, both in real time and within a certain historical time frame. GXS uses this aggregated information to measure the use of our site and to improve the content and usage of our site.
