Does Plum perform regular patching and environment updates? - Xoxoday

Xoxoday Plum performs regular patching and environment updates to ensure ongoing security, system stability, and optimal performance across all production and staging environments.

Keeping infrastructure current is a core part of how Xoxoday Plum maintains enterprise-grade reliability. The platform follows a structured update cycle covering operating system patches, application dependencies, and environment configuration changes—ensuring security vulnerabilities are addressed proactively, not reactively. Xoxoday Plum’s engineering and security teams track published CVEs (Common Vulnerabilities and Exposures) and apply critical patches on an accelerated schedule. Routine updates—including changes to libraries, runtimes, and container images—follow a regular release cadence designed to minimize disruption to live environments. Maintenance windows are planned to reduce impact during business hours, particularly for enterprise customers running active integrations with systems like Workday, SAP SuccessFactors, or Darwinbox. When a zero-day vulnerability affecting a widely used open-source dependency is disclosed, Xoxoday Plum’s response process triggers an expedited patch cycle. Affected components are identified, tested, and updated before the vulnerability can be exploited—without waiting for the next scheduled release window. This keeps your rewards and incentives operations protected even during rapidly evolving threat landscapes. Environment updates extend beyond security patches. Xoxoday Plum also applies infrastructure improvements that enhance throughput, reduce latency, and support new feature deployments. Updates are rolled out progressively across development, staging, and production environments using controlled deployment practices that allow for rollback if unexpected issues surface. This patching discipline is a direct control within Xoxoday Plum’s compliance posture. Maintaining current environments is a documented requirement under frameworks such as ISO 27001 and SOC 2 Type II—both of which Xoxoday Plum is aligned with. Regular updates ensure security controls continue to meet the standards your IT security or procurement team will verify during vendor due diligence. For organizations using Xoxoday Plum alongside communication tools like Slack or Microsoft Teams, patch cycles are coordinated so that webhook integrations, notification pipelines, and API connections remain uninterrupted. Advance notices for scheduled maintenance give IT administrators adequate lead time to plan around update windows. Xoxoday Plum treats infrastructure hygiene as a continuous operational practice. Regular patching and environment updates are embedded into the platform’s release rhythm to protect your data, sustain compliance obligations, and deliver the consistent uptime your employee rewards programs depend on. Learn more: Xoxoday Plum Help Centre — General

How does Xoxoday Plum handle data encryption?

Learn how Xoxoday Plum encrypts data in transit and at rest to protect sensitive reward and employee information.

Is Xoxoday Plum SOC 2 Type II compliant?

Understand Xoxoday Plum’s SOC 2 Type II certification and what it means for your organization’s security requirements.