Submission channels and report quality
- Primary submission channel: security@xfatora.com.
- Reports should include affected URLs, clear reproduction steps, and impact summary.
- Supporting artifacts such as logs, requests, or videos improve triage speed.
- Reporters should indicate potential confidentiality, integrity, or availability impact.
Triage and prioritization workflow
- Submissions are validated for reproducibility and scope.
- Confirmed findings are prioritized by severity and exploitability.
- Ownership is assigned with tracked remediation milestones.
- Critical issues follow expedited handling and escalation.
Communication and remediation lifecycle
- Receipt of credible reports is acknowledged promptly.
- Status updates are shared at key investigation and remediation milestones.
- Customer-impacting issues follow incident communication practices.
- Significant findings may include post-resolution summaries.
Coordinated disclosure expectations
- We support coordinated disclosure with agreed publication timing.
- Public release should wait until remediation is completed or mitigations are available.
- Collaboration helps reduce customer risk while preserving transparency.
- Coordination details can be tailored for high-impact cases.
Safe harbor and scope boundaries
- Good-faith security testing is welcomed when conducted responsibly.
- Testing must avoid unauthorized data access or service disruption.
- Social engineering, physical intrusion, and privacy violations are out of scope.
- Destructive testing and public exposure before coordination are prohibited.
Enterprise and procurement alignment
- Vulnerability response practices support enterprise risk governance.
- Procurement teams can review disclosure workflows during due diligence.
- Security contacts and escalation paths are documented for readiness.
- Program feedback informs continuous process improvement.
FAQ
How should security researchers report vulnerabilities?
Reports should be sent to security@xfatora.com with reproducible steps, affected endpoints, and impact details.
What details make a report actionable?
Include scope, proof-of-concept evidence, request samples, and conditions required to reproduce the issue.
Will Xfatora acknowledge valid submissions?
Yes. Credible reports are acknowledged and moved into triage as quickly as possible.
How are vulnerabilities prioritized?
Prioritization considers severity, exploitability, affected scope, and potential customer impact.
Are status updates shared during remediation?
Yes. Reporters receive milestone-based updates during investigation and remediation.
Does Xfatora support coordinated disclosure timelines?
Yes. We request coordinated publication timing to protect customers while fixes are completed.
Is there a safe harbor expectation?
Good-faith testing is supported when it avoids privacy violations, service disruption, or destructive behavior.
Can sensitive findings be submitted securely?
Yes. Additional secure communication arrangements can be coordinated for sensitive reports.
Can enterprise procurement teams review this process?
Yes. High-level vulnerability intake and response practices can be shared during due diligence.