Infosec/IT due diligence for PyXLL is usually quite straightforward, as it is delivered as an on-premises add-in with no cloud dependencies, which makes things much easier.
The following points address most of the concerns that IT/infosec teams often raise with us:
- PyXLL is deployed and run locally, directly on the end user's PC
- There is no required cloud or server component to the product and your sensitive data never leaves your site*
- Updates are made available and applied by the client; the software does not auto-update.
- The software is developed using industry best practices (version control, unit testing, continuous integration)
- Anti-virus/anti-malware scanning is performed regularly on the designated 'build machine' that is used to build the software.
- Minimal open source components are used. They are carefully selected and are listed here: https://www.pyxll.com/opensource.html
- Changes to the software for all releases are recorded in the changelog, which is available here: https://www.pyxll.com/changelog/index.html
- Semantic versioning is used, in the form {major}.{minor}.{patch}. Patch releases contain only fixes, minor releases are always backwards compatible, and major releases may exceptionally contain some backwards-incompatible changes, although efforts are always made to minimize their impact.
* See this FAQ for more details: https://support.pyxll.com/hc/en-gb/articles/4414354710547-Does-PyXLL-collect-any-data
Should you require any more information, please contact us for assistance.