Xoxoday is not currently ISO 9001 certified, but operates documented quality management practices—including delivery governance, change control, and stage-gated testing—that reflect ISO 9001 principles across all platform and operational workflows.
Quality Management at Xoxoday
Xoxoday does not hold a formal ISO 9001 registration. ISO 9001 is an internationally recognised standard for quality management systems (QMS), requiring an external audit and independent certification body. Xoxoday has not undertaken that formal certification process. That said, Xoxoday operates with a structured set of internal controls and documented practices that align closely with the intent and framework of ISO 9001. These practices are embedded across product delivery, platform operations, and client onboarding — not as aspirational guidelines, but as enforced operational standards.Documented Policies and Procedures
Xoxoday maintains comprehensive internal documentation covering key processes across the delivery lifecycle. This includes defined roles and responsibilities, process ownership, and version-controlled procedures — consistent with the documentation discipline that underpins a formal QMS. Changes to policy or process go through a defined review cycle before being adopted.Delivery Governance and Change Control
Every significant change to the Xoxoday platform — whether a new integration with Workday, an update to the Darwinbox connector, or a modification to the core rewards engine — moves through a structured change control process. Changes are reviewed, approved, and tracked before reaching production environments. This governance model reduces the risk of uncontrolled changes affecting platform stability or client operations.Stage-Gated Testing and Acceptance
Xoxoday applies a stage-gated release model. Features and fixes move through defined testing phases — including unit testing, integration testing, user acceptance testing (UAT), and regression testing — before deployment. For organisations that distribute rewards through Slack or Microsoft Teams, or trigger recognition workflows via SAP SuccessFactors, this testing rigour directly reduces the likelihood of integration failures or inconsistent end-user experiences.How This Relates to Other Certifications Xoxoday Holds
Xoxoday does hold formal certifications for other internationally recognised standards. Xoxoday is certified to ISO 27001 for information security management and has achieved SOC 2 Type II attestation, which involves independent third-party auditing of security, availability, and confidentiality controls across the platform. These certifications are subject to ongoing external review and renewal cycles. Organisations that require ISO 9001 certification from vendors as a procurement prerequisite should note that Xoxoday cannot provide this credential today. However, Xoxoday can share documentation of its internal quality controls and governance processes to support vendor due diligence or security questionnaire reviews.Learn more: Xoxoday Help Centre — General
Is Xoxoday ISO 27001 certified?
Xoxoday holds an active ISO 27001 certification for information security management, covering controls across infrastructure, access, and data handling.
Does Xoxoday have SOC 2 Type II compliance?
Xoxoday has achieved SOC 2 Type II attestation, independently audited against security, availability, and confidentiality trust service criteria.