Xoxoday Plum maintains a dedicated bug tracking and resolution process, supported by annual Vulnerability Assessment and Penetration Testing (VAPT), to proactively identify and remediate issues before they impact product quality or security.
A Structured Approach to Bug Management
Xoxoday Plum operates a formal bug tracking and resolution process through dedicated issue tracking systems. Every identified defect — whether surfaced by internal QA, security testing, or user reporting — is logged, categorized, and assigned a priority level. This structured workflow ensures no issue falls through the cracks and that remediation timelines are clearly defined and enforced. Severity classification drives the resolution lifecycle. Critical and high-severity issues, particularly those affecting data integrity or access control, are escalated immediately and follow an expedited resolution path. Lower-severity bugs are queued and addressed in regular release cycles, maintaining a predictable cadence that keeps the platform stable for enterprise deployments.Annual Vulnerability Assessment and Penetration Testing
Xoxoday Plum conducts Vulnerability Assessment and Penetration Testing (VAPT) on an annual basis. VAPT exercises simulate real-world attack scenarios against the platform’s infrastructure, APIs, and application layers, systematically uncovering vulnerabilities that routine QA may not surface. Findings from each VAPT cycle feed directly into the bug tracking system, where they are triaged and remediated with the same rigour applied to functional defects. This practice aligns with the requirements of internationally recognised security frameworks. Xoxoday Plum’s adherence to ISO 27001 and SOC 2 Type II standards means that VAPT findings are not treated as isolated events — they are documented, tracked to closure, and reviewed as part of ongoing audit cycles. Your organisation can request evidence of completed VAPT assessments and remediation status during security due diligence.From Detection to Resolution
When a vulnerability or bug is identified, the process moves through defined stages: detection, triage, assignment, fix development, quality verification, and deployment. Each stage has an owner and a target completion window. For integrations with enterprise HR systems such as Workday, SAP SuccessFactors, or Darwinbox, any bug affecting data sync or reward fulfilment is treated with elevated priority given the downstream impact on employee experience. Post-remediation, fixes undergo regression testing before release to confirm the issue is fully resolved and that no adjacent functionality has been affected. This closed-loop process means your organisation benefits from a platform that continuously strengthens its defect posture with every release cycle.Learn more: [Xoxoday Plum Help Centre — General](
Security Certifications and Compliance
Understand how Xoxoday Plum meets ISO 27001 and SOC 2 Type II requirements to protect your organisation’s data.
Data Security and Privacy Practices
Learn how Xoxoday Plum handles data encryption, access controls, and privacy policies across the platform.