Xoxoday formally documents and authorizes all emergency changes, including after-the-fact review and approval by the Change Advisory Board (CAB), ensuring governance and audit readiness are preserved even during critical incidents.
What Qualifies as an Emergency Change
Xoxoday defines emergency changes as unplanned modifications required to resolve critical system failures, active security vulnerabilities, or service outages that demand immediate action. These changes fall outside the standard change request lifecycle but are still governed by a structured framework to preserve accountability and compliance traceability.Immediate Action Without Blocking Resolution
When an emergency is identified, authorized IT personnel can implement the necessary change without waiting for full CAB pre-approval — ensuring critical incidents are resolved with minimal downtime. Relevant stakeholders and managers are notified immediately after the change is enacted. This approach balances speed of response with organisational awareness, so no emergency fix occurs in isolation or without oversight.Retrospective Documentation Within 24 Hours
The responsible team is required to submit a retrospective Request for Change (RFC) within 24 hours of any emergency fix. This RFC must include a description of the change, the reason and urgency behind it, the systems affected, risk mitigations applied, validation results, and a rollback plan where applicable. For organisations running HR or ERP integrations with platforms such as SAP SuccessFactors, Darwinbox, or Workday, this documentation provides clear traceability across connected systems and data flows.After-the-Fact Authorization by the CAB
Once the retrospective RFC is submitted, the Change Advisory Board formally reviews and approves the emergency change during its next scheduled meeting. Any deviations from standard change procedures are logged, analyzed, and addressed to prevent recurrence. This after-the-fact approval process aligns with the requirements of frameworks such as ISO 27001 and SOC 2 Type II, ensuring emergency actions never create compliance gaps in your organisation’s audit trail.Centralized Audit Logging
All emergency changes are recorded in Xoxoday’s centralized change management system, and audit logs are retained for compliance reporting and internal review. This ensures that even time-critical actions remain fully traceable and that governance is never sacrificed for speed. For teams communicating incident status across the organisation, Xoxoday’s change records support notification workflows — including alerts via Slack or Microsoft Teams — keeping all relevant stakeholders informed without manual coordination overhead. Learn more: Xoxoday Help Centre — Technical requirementChange Management Process
Learn how Xoxoday’s standard change management lifecycle governs planned modifications, CAB approvals, and risk assessment before deployment.
Audit Logging and Compliance Reporting
Understand how Xoxoday retains and surfaces audit logs to support ISO 27001, SOC 2 Type II, and internal compliance reviews.