Xoxoday maintains a formal Information Security Awareness Program covering mandatory onboarding training, quarterly refresher sessions, simulated phishing campaigns, and annual policy acknowledgments — reviewed annually against ISO 27001 and SOC 2 Type II requirements.

Xoxoday’s Information Security Awareness Program

Xoxoday operates a structured, organization-wide Information Security Awareness Program designed to build and sustain a strong security culture. The program applies to all employees globally — from engineering and finance to customer-facing roles — and is updated annually to reflect evolving threats and applicable compliance frameworks including ISO 27001 and SOC 2 Type II.

Mandatory Onboarding Training

Every new Xoxoday employee completes mandatory security and privacy training before gaining full system access. This onboarding module covers data handling practices, phishing recognition, acceptable use of company resources, and the process for reporting security incidents. Training completion is a prerequisite for provisioning access to internal tools and production environments.

Continuous Education and Phishing Simulations

Security awareness at Xoxoday does not stop at onboarding. Xoxoday runs quarterly refresher sessions that address emerging threats and updated compliance requirements. High-risk teams — including engineering, IT, and finance — receive additional role-specific security briefings tailored to their exposure profile. Xoxoday also conducts recurring simulated phishing campaigns to test employee vigilance. These campaigns reinforce safe behaviors in realistic scenarios, in the same way that enterprise security teams push real-time threat alerts through channels like Microsoft Teams or Slack.

Policy Acknowledgment and Compliance Tracking

Employees are required to review and formally acknowledge key security policies on an annual basis. These include the Acceptable Use Policy, Data Protection Policy, and Incident Response Guidelines. Completion of both training modules and policy acknowledgments is tracked centrally through Xoxoday’s HRIS and learning management system — comparable to how organizations using Workday or Darwinbox manage compliance workflows — providing full auditability for SOC 2 Type II and ISO 27001 assessments.

Internal Awareness Campaigns

Xoxoday reinforces security habits through regular internal communication campaigns covering password hygiene, multi-factor authentication, social engineering tactics, and secure remote work practices. These include targeted emails, intranet articles, and visual materials distributed between formal training cycles. The intent is to keep security a continuous organizational habit rather than an annual compliance checkbox.

Incident Response Readiness

A core component of Xoxoday’s program is preparing every employee to act quickly and correctly when a potential security incident is detected. Xoxoday trains all staff on how to identify anomalies, report concerns through defined escalation channels, and avoid actions that could worsen a breach. This readiness directly supports Xoxoday’s incident response obligations under ISO 27001 and SOC 2 Type II, and ensures that response times remain within documented SLAs when a real event occurs.
