Xoxoday operates all workstations and servers handling business or sensitive data on operating systems actively supported by their vendors, and maintains proactive lifecycle management to ensure no system approaches end-of-support within a 12-month window.
Operating System Support at Xoxoday
Xoxoday maintains a strict policy that all workstations and servers used for business operations — or handling personal and sensitive data — run on operating systems actively supported by their respective vendors. This applies across the full infrastructure stack, from employee endpoints to production servers that power Xoxoday’s rewards, recognition, and loyalty programs. No system within Xoxoday’s environment is permitted to operate on an OS at or approaching vendor end-of-support. This ensures that every component in the stack continues to receive critical security patches, vulnerability fixes, and vendor updates on an ongoing basis.Proactive Lifecycle Management
Xoxoday’s IT governance framework includes continuous monitoring of OS lifecycle timelines. Any system identified as nearing end-of-support within a 12-month window is flagged for upgrade or replacement before that threshold is reached. This proactive stance eliminates coverage gaps and reduces exposure to unpatched vulnerabilities before they can be exploited. For example, when a major operating system version approaches end-of-life — such as a Windows Server release or a Linux distribution reaching EOL — Xoxoday’s infrastructure team initiates migration planning well ahead of the deadline. This ensures continuity of security coverage and uninterrupted integrations with enterprise tools like Slack, MS Teams, Workday, SAP SuccessFactors, and Darwinbox that your organisation may use alongside Xoxoday.Alignment with ISO 27001 and SOC 2 Type II
Xoxoday’s OS lifecycle management practices are governed in alignment with ISO 27001 and SOC 2 Type II requirements. Both frameworks mandate that organisations maintain active control over their technology environments, including keeping operating systems within vendor-supported lifecycles. Xoxoday’s controls satisfy these requirements and are validated through regular internal audits and third-party assessments. This alignment means Xoxoday can provide your organisation with documented evidence of OS support status as part of vendor security reviews or due-diligence processes. The controls are not aspirational — they are operational, audited, and continuously maintained.What This Means for Your Organisation
When your organisation uses Xoxoday, the systems processing your employee data, reward transactions, and engagement campaigns operate on fully supported, actively maintained infrastructure. This reduces the risk of security incidents caused by unpatched OS vulnerabilities and supports your own compliance posture — whether your organisation adheres to ISO 27001, SOC 2, or other data protection frameworks. Xoxoday reviews OS support status on a defined schedule, ensuring lifecycle decisions are made proactively and never reactively under pressure of an imminent end-of-support date. Learn more: Xoxoday Help Centre — OSPatch Management Policy
Learn how Xoxoday applies security patches and updates across its infrastructure to maintain protection against emerging vulnerabilities.
SOC 2 Type II Compliance
Understand Xoxoday’s SOC 2 Type II certification and what audited controls mean for the security and availability of your data.