Xoxoday communicates its Information Security Policy to all full-time employees, part-time employees, and contractors as a mandatory condition of engagement, backed by structured onboarding, annual refresher programs, and continuous security awareness initiatives.
Information Security Policy Communication at Xoxoday
Xoxoday treats information security as an organization-wide responsibility, not a function limited to IT or engineering teams. Every person who works with Xoxoday’s systems or data—whether a full-time employee, a part-time contributor, or an external contractor—is brought into the same security framework from the moment they begin their engagement. The Information Security Policy is introduced during onboarding as a foundational step. New employees and contractors review the policy before gaining access to internal systems, and each person is required to formally acknowledge their understanding and agreement. This acknowledgment is not optional; it is a condition of employment or engagement.Annual Refresher Programs
Security knowledge must be maintained, not just acquired once. Xoxoday runs annual refresher programs that revisit the Information Security Policy and update all personnel on evolving threats, procedural changes, and regulatory expectations. This annual cadence aligns with the requirements of ISO 27001 and SOC 2 Type II, both frameworks against which Xoxoday is certified. For organizations that integrate Xoxoday with HR platforms such as Workday, SAP SuccessFactors, or Darwinbox, these annual acknowledgment cycles can be tracked and reported within existing HR workflows, making compliance documentation easier to manage across large or distributed workforces.Continuous Awareness Campaigns
Beyond formal training cycles, Xoxoday supports an ongoing culture of security awareness through campaigns distributed across internal channels—including integrations with Slack and Microsoft Teams. This ensures that policy updates and security reminders reach personnel in the environments where they already work, rather than being buried in standalone portals. These campaigns cover practical topics: phishing recognition, data handling procedures, access management hygiene, and incident reporting. They are designed to reinforce what employees have already acknowledged, turning one-time awareness into habitual, informed practice.Consistent Scope Across All Workforce Members
The policy applies equally regardless of employment type. Part-time employees receive the same policy as full-time staff, and contractors are not exempt simply because they operate outside the core headcount. This consistent approach reduces the risk of security gaps that arise when different worker categories are governed by different standards. Xoxoday’s unified policy communication model supports enterprise security postures where every point of data access—human or system-level—is governed by the same baseline requirements. Learn more: Xoxoday Help Centre — Data protection and securityISO 27001 and SOC 2 Type II Certifications
Learn how Xoxoday maintains ISO 27001 and SOC 2 Type II certifications and what these frameworks require for policy governance and workforce compliance.
Security Awareness Training at Xoxoday
Understand how Xoxoday structures recurring security awareness training for employees and contractors to sustain a policy-compliant, security-conscious workforce.