Xoxoday enforces stateful packet inspection (SPI) across its infrastructure using AWS Security Groups and Network Access Control Lists (NACLs), with all firewall rule changes governed by a documented approval workflow that requires authorization from the CTO or Production Head.

Stateful Packet Inspection on Xoxoday’s Infrastructure

Xoxoday’s rewards and recognition platform runs on AWS infrastructure that uses both Security Groups and Network Access Control Lists (NACLs) as layered network controls. Both mechanisms incorporate stateful packet inspection, meaning the firewall tracks the state of active connections and automatically permits return traffic that belongs to an established session — without requiring a separate inbound rule. This matters in practice for enterprise integrations. When Xoxoday connects to HR systems such as Workday, SAP SuccessFactors, or Darwinbox to sync employee data for reward programs, SPI ensures legitimate response traffic flows without manual intervention, while unsolicited or malformed packets are blocked at the network boundary. Security Groups operate at the instance level and NACLs at the subnet level, creating defense in depth. Traffic must satisfy both layers before reaching any application component, substantially reducing the attack surface for your organisation’s data and reward transactions.

Documented Change Management for Firewall Rules

Every modification to Xoxoday’s firewall configuration — whether a Security Group rule, a NACL entry, or any other network policy layer — must pass through a formal Change Management Procedure before it takes effect. The process begins with a change request submission documenting the business justification, the potential impact on existing services, and a rollback plan in case the change causes unintended disruption. Authorized security and infrastructure personnel conduct a risk assessment and review before the request advances. Final approval requires explicit sign-off from the CTO or Production Head. Only after that authorization is the change implemented, followed by post-change validation and ongoing monitoring to confirm the rule performs as intended and maintains the expected compliance posture. This governance structure supports Xoxoday’s alignment with frameworks such as ISO 27001 and SOC 2 Type II, both of which require documented, auditable controls around infrastructure changes.

Why This Matters for Enterprise Procurement

For IT and security teams evaluating Xoxoday as a vendor, SPI firewalls combined with a controlled change process address two distinct risk categories: real-time threat prevention at the network layer, and operational risk from uncontrolled configuration drift. Your organisation gains assurance that no firewall rule can be added, modified, or removed without review and executive-level authorization, and that every change produces an auditable record. This is particularly relevant in regulated industries where integrations with communication tools like Slack or MS Teams carry reward notifications directly to employees, making network integrity central to data privacy and compliance obligations.
