Xoxoday enables administrators to export comprehensive audit trails, user access records, and role assignments through the Reports → Administrative Data module, supporting compliance with frameworks like SOC 2 Type II and ISO 27001.
Audit Logging and User Access Tracking in Xoxoday
Xoxoday gives organizations full visibility into who accessed what, when, and what changes were made across the rewards program. This level of traceability is essential for enterprise compliance programs, internal audits, and security governance. Xoxoday surfaces all of it through a dedicated administrative reporting interface — no engineering tickets required.Accessing Audit Data
Administrators navigate to Reports → Administrative Data to retrieve logs. This module consolidates user activity, role assignments, and program-level audit trails into exportable datasets. Access requires view rights to both the User Access Management and Reports modules, enforcing a least-privilege model aligned with frameworks like ISO 27001 and SOC 2 Type II. This permission gating ensures sensitive audit records are available only to authorized personnel — a control auditors routinely look for during certification reviews.User and Role Export
Xoxoday allows administrators to export a complete list of users and their assigned roles across the organization. This is particularly useful during periodic access reviews. For example, when an HR team needs to verify that off-boarded employees provisioned through Workday or SAP SuccessFactors no longer hold active accounts or elevated permissions in Xoxoday, the role export provides an instant, structured snapshot to reconcile against the source HRMS.Audit Trail Export
Beyond who has access, Xoxoday logs what was done. Program-specific audit trails record administrator and user actions with timestamps, producing a history suitable for compliance reporting. These logs can be exported and submitted as evidence during a third-party SOC 2 Type II assessment or reviewed during an internal governance cycle without relying on engineering resources.Member-Level Activity Logs
At the individual level, Xoxoday captures profile updates, activity history, and behavioral changes for each member. Administrators can view this data at both granular and aggregate levels. This supports use cases such as identifying anomalous redemption behavior, resolving support escalations, or producing engagement evidence for program stakeholders.Compliance Use Cases
Security and compliance teams preparing for ISO 27001 audits or maintaining SOC 2 Type II posture can pull on-demand audit artifacts directly from Xoxoday. For organizations running Xoxoday alongside HRMS platforms like Darwinbox or SAP SuccessFactors, the audit logs provide a complementary traceability layer specific to rewards program activity — one that sits outside the HRMS but feeds directly into the same compliance workflows. Xoxoday’s administrative data exports are structured for immediate use: downloadable, filterable, and ready to attach to audit evidence packages without reformatting.Learn more: Xoxoday Help Centre — Financial
How does Xoxoday manage role-based access control?
Learn how Xoxoday assigns and enforces permissions across administrators, managers, and members.
What compliance certifications does Xoxoday hold?
Explore Xoxoday’s security posture including SOC 2 Type II and ISO 27001 certifications.