Settings and activity
1 result found
-
265 votes
Hi everyone, the demo company provides the ability to test and trial Xero features without impacting data in your live organisation. It's especially useful when you're getting started with the product or want to see how a feature works that you haven't used before.
That said, we understand not all our customers want or need access to the demo company. We appreciate your feedback on being able to hide or remove this here, and our product team are aware of the interest and feedback surrounding this - Both from this direct thread and the previous commentary and votes from the older forum where this originated.
While we don't have immediate plans, this is an area our team are looking to review. We will update you if there is any planned changes to this, through this idea.
An error occurred while saving the comment Ashoka Reddy supported this idea ·An error occurred while saving the comment Ashoka Reddy commentedDear Xero team,
You shared this so-called 'idea', 9 years ago!
What is the purpose of voting on this "product-ideas-to-be-ignored" page?
Having a Demo company on your customers' portals and not giving them the control to delete or hide it, is an Information Security risk and a serious system design flaw for any Software-as-a-Service (SaaS) application.
It is an attack surface that is unmonitored and unadministrable from your customers' IT, Finance and Information Security teams.
It should not be dismissed by putting up for a vote by your customers and then simply ignoring their annoyance, frustration and patience.
This is not merely a product feature request idea. This is a User Interface and Information Security design flaw that needs to be addressed as soon as possible.
All of your customers have a responsibility to demonstrate due care and diligence has been taken. On a demo system, there may well be live data, that has not been anonymized. Without proper governance of these demo systems, there's a good chance they will be non-compliant with GDPR regulations, and consequently at risk of heavy fines.
In this state of affairs, Xero will not be trusted. Implementing the SOC 2 framework for information security controls for service organizations would be a good start for Xero to gain that trust.
Respectfully,
Ashoka Reddy
fractional CTO and virtual CISO
Xero - you really are not listening to a reasonable request from your customers. This reflects a 'could-care-less' attitude.
This is not a product idea. It is adding confusion and irritation and untidyness into the use of Xero for many businesses, accountants and consultants. Archiving a company and removing from the active company list, is the way it should be done in the first place.
Demo data is by it's very nature, inaccurate, and once it's served its purpose, a company should be able to delete it, For inactive, old companies, the same is true, unless there are legal reasons and agreed data retention periods in place. Renaming these companies with a Z prefix so they appear at the bottom of the active company list is a joke. Preventing your customers to delete or archive the data on their own system after they have requested this from you, contravenes GDPR.
Furthermore, Xero is adding to this 'couldn't-care-less' attitude with no acknowledgement or understanding of the impact of this design flaw. This is enough for existing customers to consider switching and complain about Xero, It has an impact on Xero brand reputation. Protecting this should be a top priority for the senior leadership team.
It's not a matter of putting a glaring design flaw to the vote on your so-called product ideas page. Please escalate this to your senior leadership team. We expect courtesy, listening, and a reasoned decision on your intention. It's not good enough to say it's still not in the plan after so many years.