Skip to main content
Xoxoday requires comprehensive background verification — including identity validation, employment history checks, and criminal record screening — for every team member assigned to a client-specific engagement.
When your organisation integrates Xoxoday’s rewards and recognition platform — whether through direct deployment or via connections with tools like Slack, MS Teams, Workday, or Darwinbox — you need confidence that every person handling sensitive data meets a rigorous security baseline. Xoxoday’s staff vetting process is designed to meet exactly that expectation. All team members appointed to work on client-specific projects undergo a structured background verification programme before any engagement begins. This process covers three distinct areas: identity validation confirms each individual’s identity against official government-issued documentation; employment history checks verify the accuracy of prior roles and tenures; and criminal record screening is conducted in accordance with applicable local regulations to identify any concerns relevant to the sensitivity of the work. This is not a tick-box exercise. Each stage is completed and reviewed before a team member is granted access or proximity to client environments. Xoxoday maintains records of completed verifications, which can be made available during vendor due diligence assessments or third-party audits. For organisations operating under compliance frameworks such as ISO 27001 or SOC 2 Type II, Xoxoday’s personnel screening directly supports the personnel security controls required by those standards. This helps your procurement or information security team satisfy audit obligations that extend to third-party service providers. As a practical example, consider an organisation deploying Xoxoday alongside SAP SuccessFactors or Workday to automate milestone-based rewards across a distributed workforce. Any Xoxoday team member accessing your HR data environment will have cleared all background verification stages beforehand. Your security team can request documented confirmation of this vetting as part of a formal vendor review. Access rights within client environments are provisioned on a strict need-to-know basis, and every assigned staff member operates under confidentiality obligations proportionate to the sensitivity of the information they may encounter. This accountability framework ensures that personnel security is not a one-time gate but an ongoing standard throughout the engagement. Learn more: Xoxoday Help Centre — Security Requirement

Staff Confidentiality Obligations

How Xoxoday ensures team members are bound by confidentiality agreements when handling client data across engagements.

ISO 27001 & SOC 2 Compliance

How Xoxoday’s security certifications align with enterprise compliance frameworks and third-party audit requirements.