Axya's ERP integration is designed with security as a foundational principle. Your ERP data stays within your control, and only the purchase order information you explicitly choose to share reaches Axya's platform.
- All communication uses HTTPS (TLS 1.2+) — no exceptions
- On-premise middleware communicates outbound only — no inbound firewall ports need to be opened
- No ERP data passes through third-party intermediaries
- API calls are authenticated on every request
- Axya's infrastructure is hosted in Canada
- Database storage encrypted at rest
- File and document storage encrypted at rest
- Regular backups with encryption
- Token-based authentication on every API request
- Tokens are scoped to the specific company's integration
- Credentials stored securely — never transmitted in plain text
All integrations use dedicated service accounts with minimal required permissions:
- Read access to purchase order data
- Write access to designated status and update fields only
- No access to financial, HR, or other sensitive ERP modules
- Each company's data is fully isolated in Axya's platform
- No cross-tenant data access — one customer cannot see another's POs
- Integration credentials are scoped to a single company
- Only authorized buyers can trigger PO syncs from the ERP
- Suppliers can only see POs explicitly assigned to them
- Axya platform roles control who can view, edit, and manage orders
- Integration administrators manage sync configuration independently
- Suppliers access POs through Axya's portal — never through your ERP
- Each supplier sees only the POs they are assigned to
- No supplier has visibility into other suppliers' orders or pricing
- Portal access is scoped and authenticated
The integration typically adds a small custom status field to your PO screen. These customizations are designed to be:
- Non-invasive — They don't modify core ERP tables, business logic, or workflows
- Upgrade-safe — Protected using vendor-recommended mechanisms
- Reversible — Can be removed cleanly if the integration is decommissioned
- Axya monitors sync activity and detects anomalies (stalled syncs, repeated failures)
- Administrators receive alerts when sync issues occur
- Downtime detection notifies IT contacts if no data is received beyond the expected interval
Failure Handling
- Failed syncs are automatically retried over a configurable window
- Failure details are logged with actionable information (which PO failed and why)
- No silent failures — all issues are surfaced to administrators
- All sync operations are logged with timestamps
- PO status changes are tracked in both Axya and your ERP
- Supplier actions (acknowledgments, date changes, proposals) are timestamped and attributed
Axya syncs only the data necessary for supplier collaboration:
- PO headers and line items (numbers, quantities, prices, dates)
- Supplier/vendor assignments
- PO PDF documents
- Buyer contact information (for routing notifications)
Axya does not sync:
- Financial data beyond PO-level pricing (GL accounts, budgets, cost centers)
- Internal approval workflows or audit trails
- HR or employee data
- Inventory levels or warehouse data
- Customer or sales data
- Any ERP module data beyond purchasing
Axya follows industry-standard security practices for SaaS platforms:
- Infrastructure hosted in Canada (Canadian data residency)
- Regular security assessments
- Encrypted data at rest and in transit
- Role-based access controls with audit logging
- Dedicated service accounts with principle of least privilege
For specific compliance inquiries (SOC 2, ISO 27001, GDPR), contact your Axya account representative.
Q: Can Axya access data beyond purchase orders in our ERP?
A: No. The service account used by the integration has permissions limited to PO-related data only.
Q: Do we need to open inbound firewall ports?
A: No. On-premise middleware communicates outbound only over HTTPS.
Q: What happens to our data if we stop using Axya?
A: Your PO data remains in your ERP (Axya is not the system of record). Axya data can be exported or deleted upon request.
Q: Can suppliers see other suppliers' POs or pricing?
A: No. Each supplier sees only the POs assigned to them. Supplier data is fully isolated.
Q: Where is our data stored?
A: Axya's infrastructure is hosted in Canada, with encryption at rest and in transit.
For detailed security questions, contact your Axya account representative or email support@axya.co.