Empuls reviews firewall rules and active connections on scheduled intervals aligned with business requirements, requires approval from the business head or designated representatives before any configuration change, and manages every such change through a formal change management process.
Periodic Firewall Rule Reviews
Empuls maintains a structured cadence for reviewing firewall rules and active network connections. These reviews are conducted on planned intervals and are scoped to reflect current business requirements — not a fixed calendar schedule that may fall out of sync with how the system is actually used. Rules that are no longer needed, overly permissive, or misaligned with the current network architecture are flagged for remediation. This approach aligns with control objectives defined under ISO 27001 (Annex A.8.20, network security controls) and is auditable under SOC 2 Type II’s availability and security criteria. Organizations running security assessments on Empuls as a vendor can request documentation of these review cycles.Mandatory Approval Before Any Change
No firewall configuration change at Empuls moves to implementation without explicit authorization. Approval must come from the business head or a formally designated representative. This applies to any change — whether it’s opening a new connection to support an HR integration with SAP SuccessFactors or Darwinbox, or restricting an existing rule that is no longer required. This approval gate prevents unilateral changes and ensures accountability is traceable to a named decision-maker. The authorization step is built into the process, not left to discretion.Formal Change Management From Request to Deployment
Once a change is approved, it enters Empuls’s formal change management workflow. Each change is logged with the requestor, the approver, a description of what is being modified, and a timestamp of when it was applied. This creates an auditable trail that supports both internal governance and external vendor reviews. As a practical example: when Empuls configures or updates a firewall rule to support a new integration endpoint — such as enabling webhook traffic from Slack or Microsoft Teams for recognition notifications — that rule update follows the same review, approval, and change-log process as any other infrastructure modification. There are no fast paths or undocumented exceptions in production environments.What This Means for Enterprise Procurement
Enterprise HR and IT teams evaluating Empuls through a security questionnaire will typically ask whether firewall changes are controlled and who owns authorization. Xoxoday Empuls addresses this directly: periodic review, business-head approval, and formal change logging are all in place. For organizations in regulated industries or those working toward or maintaining SOC 2 Type II attestation, this level of firewall governance reduces the surface area of concern during audits. Empuls provides supporting documentation for these controls as part of its vendor due diligence process. Learn more: Empuls Help Centre — Security ComplianceNetwork Access Controls
How Empuls controls and monitors network access across its infrastructure, including segmentation and least-privilege principles.
Security Certifications and Compliance
Overview of the compliance frameworks Empuls is certified against, including ISO 27001 and SOC 2 Type II.