Xoxoday holds ISO/IEC 27001:2022 and SOC 2 Type 2 certifications covering security, availability, confidentiality, and privacy controls, but does not currently hold TX-RAMP, FedRAMP, StateRAMP, or FISMA certifications.
Xoxoday’s security posture is anchored by two globally recognized certifications: ISO/IEC 27001:2022 and SOC 2 Type 2. These standards are widely accepted by enterprise procurement, IT security, and legal teams as evidence of mature, independently audited information security controls.

ISO/IEC 27001:2022

ISO/IEC 27001:2022 is the international standard for information security management systems (ISMS). It requires organizations to systematically identify risks, implement controls, and maintain continuous improvement cycles. Xoxoday’s certification under the 2022 revision—the most current version of the standard—demonstrates alignment with modern threat landscapes, including cloud-native risks and supply chain security considerations. For enterprise customers integrating Xoxoday with HR systems such as Workday, SAP SuccessFactors, or Darwinbox, this certification provides assurance that data flows between your core HR platform and Xoxoday meet internationally recognized security requirements.

SOC 2 Type 2

SOC 2 Type 2 goes beyond a point-in-time snapshot. It assesses Xoxoday’s controls across the Trust Service Criteria—security, availability, confidentiality, processing integrity, and privacy—over an extended observation period, typically six to twelve months. This continuous audit approach gives your organization confidence that Xoxoday’s security practices are operational and consistently applied, not just documented on paper. Organizations deploying Xoxoday for employee rewards programs integrated with Slack or Microsoft Teams can reference the SOC 2 Type 2 report directly when completing vendor risk assessments or internal IT security reviews.

TX-RAMP, FedRAMP, StateRAMP, and FISMA

Xoxoday does not currently hold TX-RAMP, FedRAMP, StateRAMP, or FISMA authorizations. These frameworks are specific to US federal and state government procurement requirements. The controls underpinning ISO 27001 and SOC 2 Type 2 overlap significantly with the NIST 800-53 control families that form the basis of FedRAMP and FISMA, positioning Xoxoday to align with these frameworks if your organization’s regulatory environment requires it in the future. If your procurement or compliance team requires specific framework-mapping documentation, Xoxoday’s security team provides materials that cross-reference existing controls against the relevant framework requirements.

Continuous Security Monitoring

Both ISO 27001 and SOC 2 Type 2 mandate ongoing surveillance and periodic re-certification. Xoxoday undergoes annual audits for both certifications, ensuring controls are reviewed, updated, and validated against current standards. This continuous audit cycle supports your organization’s vendor risk management processes and provides a reliable, auditable foundation for procurement decisions.

Learn more: Xoxoday Help Centre — Authentication

How does Xoxoday handle data privacy and GDPR compliance?

Understand how Xoxoday meets GDPR requirements, including data subject rights, retention policies, and cross-border data transfer controls.

Does Xoxoday support Single Sign-On (SSO)?

Learn how Xoxoday integrates with SAML 2.0 and OIDC identity providers such as Okta, Azure AD, and Google Workspace for enterprise SSO.