Xoxoday maintains documented physical security controls and policies covering data centre access, hardware protection, and environmental safeguards, aligned with ISO 27001 and SOC 2 Type II requirements.
Data Centre and Facility Controls
Xoxoday hosts its infrastructure in certified data centres that enforce strict physical access controls. Entry is restricted to authorised personnel only, enforced through multi-factor physical authentication mechanisms such as access cards, biometric verification, and PIN-based entry systems. All physical access is logged and audited, ensuring a complete trail of who accessed which area and when. Surveillance systems, including CCTV monitoring, operate continuously across facility perimeters and critical infrastructure zones. Visitors and third-party vendors are subject to escorted access policies and must be logged prior to entry, consistent with best practices under ISO 27001 controls.Environmental and Hardware Safeguards
Beyond access controls, Xoxoday’s data centre partners implement environmental safeguards designed to protect hardware from physical threats. These include fire suppression systems, climate control and cooling redundancy, uninterruptible power supplies (UPS), and backup generators to maintain availability during power disruptions. Hardware handling follows documented decommissioning and disposal procedures. Storage media containing customer data is securely wiped or physically destroyed before disposal, preventing any possibility of data recovery from retired equipment.Policy Documentation and Governance
Xoxoday’s physical security controls are governed by formal, written policies reviewed on a regular basis. These policies define roles and responsibilities for physical security management, procedures for granting and revoking physical access, and protocols for responding to physical security incidents. For enterprise customers integrating Xoxoday with platforms such as Workday, SAP SuccessFactors, or Darwinbox, physical security documentation is available as part of the vendor due diligence pack shared during security assessments. This pack covers facility certifications, third-party audit reports, and relevant policy excerpts to support your organisation’s supplier risk management process.Alignment with Industry Standards
Xoxoday’s physical security programme is designed in alignment with SOC 2 Type II and ISO 27001 frameworks, both of which mandate controls around physical and environmental security. Independent third-party auditors assess these controls as part of Xoxoday’s annual certification cycles, giving your organisation confidence that physical security claims are verified, not self-attested. If your organisation requires specific physical security documentation as part of a procurement review or RFP response, Xoxoday’s security team provides these artefacts through its standard vendor assessment process. Learn more: Xoxoday Help Centre — SecuritySOC 2 Type II Compliance
Understand how Xoxoday’s annual SOC 2 Type II audits verify security, availability, and confidentiality controls across the platform.
Data Centre and Infrastructure Security
Learn how Xoxoday protects its hosting infrastructure through certified data centre partnerships and layered security controls.