Xoxoday maintains comprehensive, descriptive logs for all key platform activities—including user actions, administrative changes, and system events—in alignment with ISO/IEC 27001:2022 and SOC 2 Type II requirements, though direct integration with external monitoring systems is not supported for security and compliance reasons.
How Xoxoday Handles Platform Logging
Xoxoday captures a structured, time-stamped record of every significant activity across its AI-enabled rewards and recognition platform. This includes user-initiated actions such as reward redemptions and account updates, administrative operations like policy changes and user provisioning, and system-level events such as configuration changes and service health transitions. Every log entry is designed to provide the context needed for post-incident analysis, compliance audits, and routine operational review.Internal Monitoring and Anomaly Detection
Logs are actively monitored by Xoxoday’s internal security and operations teams using automated alerting and anomaly detection. When unusual patterns emerge—such as a spike in failed authentication attempts or an unexpected administrative change—the team is alerted in real time. This proactive approach allows Xoxoday to identify and contain potential security issues before they escalate into incidents.External Integration: What Is and Is Not Supported
Direct log streaming or export to external monitoring tools such as Splunk, Datadog, or third-party SIEM platforms is not supported. This boundary is deliberate: exposing raw log data through external integrations could introduce additional attack surfaces or create uncontrolled data flows that conflict with Xoxoday’s data governance obligations under its certification frameworks. Customers who need visibility into platform health can access Xoxoday’s public system status page, which provides real-time information on service availability, scheduled maintenance windows, and incident history. For enterprise IT and compliance teams—including those running HR workflows through SAP SuccessFactors or Workday—Xoxoday’s certification reports serve as documented, third-party evidence that logging and monitoring controls are operating as required.Compliance Alignment: ISO 27001 and SOC 2 Type II
Xoxoday’s logging and monitoring practices are structured to satisfy the requirements of both ISO/IEC 27001:2022 and SOC 2 Type II. ISO 27001 mandates systematic event logging and periodic review of security logs as part of an information security management system. SOC 2 Type II independently validates that Xoxoday’s controls—including those for monitoring, alerting, and incident response—have been operating effectively over an extended audit period, not just at a point in time. For security teams conducting vendor risk assessments, these certifications provide auditable, third-party assurance. Audit reports are available upon request through Xoxoday’s compliance team.What This Means for Your Organization
For HR administrators managing employee recognition programs through Microsoft Teams or Slack integrations, Xoxoday’s internal monitoring ensures that anomalies in reward distribution, budget consumption, or user access are detected and addressed without requiring customers to maintain their own monitoring pipelines. The security posture is maintained at the platform level, so your team can focus on program outcomes rather than infrastructure oversight. Learn more: Xoxoday Help Centre — ComplianceISO 27001 & SOC 2 Certifications
Learn how Xoxoday’s security certifications validate its controls for logging, access management, and incident response.
Data Security and Access Controls
Understand how Xoxoday governs user access, administrative privileges, and data protection across its platform.