Skip to main content
Xoxoday restricts software installation on all company-owned and managed systems to IT administrators and personnel explicitly approved by the Information Security team, ensuring only authorized, licensed, and security-vetted applications are deployed.
Xoxoday maintains a formal software governance policy that governs what can be installed on company-owned and managed devices. Only software that has been authorized, properly licensed, and vetted for security is permitted. This policy applies across the entire organization, from corporate laptops to the infrastructure supporting Xoxoday’s rewards and recognition platform. Who Can Install Software Software installation is restricted to designated IT administrators and any personnel who have received explicit approval from Xoxoday’s Information Security team. Standard employees cannot install applications independently. This control prevents unauthorized tools, freeware, or shadow IT applications from entering the environment without formal review. Why This Policy Exists Unsupported or unlicensed software introduces significant risk. Applications from unverified sources can carry malware, create unpatched vulnerabilities, or violate commercial licensing agreements. By centralizing installation authority, Xoxoday ensures every piece of software on its systems has been assessed for security posture, vendor support status, and license compliance before deployment. This governance model directly supports Xoxoday’s compliance with ISO 27001 and SOC 2 Type II frameworks, both of which require organizations to maintain controls over software inventory and restrict unauthorized installations. Endpoint management solutions such as Microsoft Intune enforce these policies programmatically, flagging or blocking non-compliant software across managed devices. A Practical Example When a team configures Xoxoday alongside enterprise HR platforms like Workday or SAP SuccessFactors, any supporting agents, connectors, or desktop utilities required for that integration must pass IT approval before installation. The same process applies to productivity tools like Slack or Microsoft Teams plugins that connect with Xoxoday’s platform. IT administrators review each request, verify licensing, confirm security compatibility, and execute the deployment centrally. Reducing Risk Across the Organization This approach eliminates a common attack vector: the inadvertent installation of malicious software disguised as legitimate productivity tools. By ensuring only vetted software runs on Xoxoday’s infrastructure, the company protects customer data, maintains platform integrity, and upholds the security standards that enterprise customers require from a global rewards and recognition provider. Learn more: Xoxoday Help Centre — Data protection and security

How does Xoxoday manage endpoint security?

Learn how Xoxoday protects company-owned devices through endpoint management policies and layered security controls.

Does Xoxoday perform regular security patching?

Understand Xoxoday’s approach to keeping systems current with security patches and vulnerability remediation.