Skip to main content
Xoxoday Plum maintains comprehensive voucher issuance and redemption audit logs — recording every key action, the identity of the actor, the exact timestamp, and associated transaction identifiers — to support compliance, incident response, and forensic audit requirements.
Xoxoday Plum records every meaningful action in the voucher lifecycle, from the moment a code is issued through fulfilment and redemption. These audit logs give operations, security, and compliance teams a reliable, time-stamped record of activity without relying on manual tracking or individual recall. What the logs capture Each log entry records the specific action taken — such as voucher issuance, order creation, order update, or fulfilment status change — alongside the identity of the user or system that triggered it, the exact timestamp, and the relevant transaction identifiers. This level of detail makes it straightforward to reconstruct the full sequence of events for any given order or redemption, whether for routine monitoring or an escalated investigation. Centralized, searchable log storage Logs are collected and stored in a central repository, not scattered across individual modules or local exports. Teams can query this repository to surface relevant records quickly — a practical advantage when an incident needs rapid diagnosis or when a vendor audit requires evidence on short notice. For organizations running enterprise reward workflows through platforms like SAP SuccessFactors or Darwinbox, this centralized approach means voucher activity can be correlated with broader HR or procurement records without information gaps. Role-based access and access auditing Access to the log repository is governed by role-based access controls. Only authorized client users and approved Xoxoday personnel can view or export logs. Critically, log access itself is audited — so there is a traceable record not just of voucher activity, but of who reviewed that activity. This layered approach aligns with the requirements of frameworks such as ISO 27001 and SOC 2 Type II, where evidence of controlled, monitored access to audit data is as important as the data itself. Supporting audits and forensic requirements When an audit arises — whether an internal security review, an external compliance audit, or a forensic investigation — Xoxoday Plum supports extraction and sharing of the relevant log data. Exports are subject to standard confidentiality controls, ensuring that sensitive transaction details are handled appropriately throughout the evidence-sharing process. For example, an enterprise running a global employee recognition program can provide auditors with a precise, exportable record of every voucher issued over a defined period, including the authorizing user, the timestamp, and the redemption outcome — without requiring manual compilation or custom reporting work. Learn more: Xoxoday Plum Help Centre — General

Role-Based Access Control

Learn how Xoxoday Plum uses role-based permissions to control who can view, manage, and export platform data including audit logs.

Compliance and Security Certifications

Understand how Xoxoday Plum aligns with ISO 27001, SOC 2 Type II, and other security frameworks to meet enterprise compliance requirements.