Xoxoday protects all equipment supporting its rewards, recognition, and loyalty services through a layered set of physical and environmental controls aligned with ISO/IEC 27001:2022 and SOC 2 Type II requirements, covering biometric facility access, 24/7 surveillance, automatic fire suppression, continuous environmental monitoring, and redundant power infrastructure.
Access Control and Intrusion Prevention
Entry to Xoxoday’s facilities is restricted through biometric authentication combined with role-based access control, so only authorised personnel can reach critical infrastructure. A dedicated visitor management process governs all third-party access to sensitive areas, with logs maintained for audit purposes. Round-the-clock manned security and continuous CCTV surveillance provide real-time deterrence and incident detection. Intrusion detection systems add a further layer, triggering immediate alerts the moment an anomaly is identified.Fire and Water Protection
Xoxoday deploys automatic fire suppression systems alongside smoke detectors across its data facilities, enabling a targeted response before fire can escalate to equipment damage. Water risk is addressed through flood detection sensors positioned throughout at-risk areas and facility design standards that minimise the likelihood of water ingress. Strict equipment siting rules ensure that critical hardware is never placed near overhead pipes or drainage paths.Environmental Monitoring
Temperature and humidity are continuously monitored to keep conditions within the operational thresholds required by servers and networking hardware. Deviations trigger automated alerts, allowing operations teams to intervene before environmental stress affects service availability. This continuous oversight extends to all environments hosting Xoxoday’s infrastructure, including those supporting integrations with HR platforms such as Workday, SAP SuccessFactors, and Darwinbox.Power Resilience
Xoxoday maintains uninterrupted power supply (UPS) systems backed by redundant generators, ensuring that a utility failure does not interrupt the rewards and loyalty workflows your organisation depends on. Multiple utility feeds reduce the risk that any single point of failure in external infrastructure cascades into a service outage. This redundancy is tested regularly to confirm that failover operates as expected under real conditions.Compliance Verification
These controls are formally documented and audited as part of Xoxoday’s ISO/IEC 27001:2022 certification and SOC 2 Type II compliance programme. Both frameworks require that physical and environmental safeguards are operationally effective—not merely present on paper—verified through periodic internal testing and independent third-party audit. Organisations conducting vendor risk assessments can request the relevant audit reports through Xoxoday’s standard compliance disclosure process. Learn more: Xoxoday Help Centre — ControlData Encryption and Security at Rest
Understand how Xoxoday encrypts data at rest and in transit across all services and integrations.
Business Continuity and Disaster Recovery
Learn how Xoxoday maintains service availability during disruptions through tested recovery and failover procedures.