Xoxoday maintains a formal security incident management process that records, tracks, and resolves incidents and security breaches with defined severity levels and timely communication to relevant stakeholders.
Incident Classification and Prioritization
When a security or operational incident is detected, Xoxoday’s response team immediately records and classifies the event according to its potential impact and urgency. Each incident receives a severity level—ranging from critical to low—that determines how quickly the team must respond and who needs to be notified. Critical incidents that could affect data integrity, system availability, or customer data are escalated immediately. Lower-severity issues are queued and resolved within defined service windows. This tiered approach ensures that the right resources are allocated to the right problems without delay.How End Users Report Issues
End users can report issues through three supported channels: email, in-platform chat, or by raising a ticket directly from the Xoxoday website. All submissions feed into a centralized ticketing system, which assigns a severity level automatically based on the reported symptoms and affected components. For example, if a user connected to an HRMS like Darwinbox or SAP SuccessFactors notices a sync failure during a reward disbursement cycle, they can raise a ticket from within the platform. The ticket is triaged, assigned to the appropriate team, and tracked to resolution—with status updates communicated back to the user throughout the process.Resolution and Escalation
Once a ticket is assigned, Xoxoday’s operations team works to resolve the issue within the timeframe defined by its severity level. If first-line support cannot resolve the issue, it is escalated to specialist engineering or security teams. At each escalation stage, stakeholders are informed so your organisation always knows where things stand. This structured escalation path is consistent with the controls Xoxoday operates under its ISO 27001 certification and SOC 2 Type II attestation, both of which require documented incident response procedures and audit trails.Monitoring and Communication
Xoxoday monitors systems continuously to detect incidents proactively, rather than waiting for user reports. Alerts are routed to the on-call team, and any incident with broader impact—such as a service degradation that could affect reward delivery to employees on Slack or Microsoft Teams—triggers a formal communication to affected customers. Post-resolution, Xoxoday conducts a root cause analysis for significant incidents and applies corrective actions to prevent recurrence. Your organisation can request a summary of incident findings as part of vendor security reviews or audit requirements.Learn more: Xoxoday Help Centre — Run
What security certifications does Xoxoday hold?
Learn about Xoxoday’s ISO 27001, SOC 2 Type II, and other compliance certifications that underpin its security posture.
How does Xoxoday handle data privacy and GDPR compliance?
Understand how Xoxoday manages personal data, consent, and cross-border data transfers in line with GDPR and global privacy laws.