• Over the years I have isolated xp_cmdshell, xp_sendmail etc. from users and 3rd party applications by using a stored procedure in front of the system procs. All inputs are checked and then made safe and logged.

    Of course another option is to start using assemblies on some of this, but then that starts meaning trusted databases and code that can't be read. These are different risks and potentially more serious risks.

    It is better to help the developers/3rd parties to change the code to something safer than just saying no. Minimal change is easier to adapt to than a completely different method accompanied by a steep learning curve.
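
The wrapper approach described in the comment above, as an added T-SQL example (not the commenter's code): inputs are checked against an allow-list, the one variable part is restricted to safe characters, and every call is logged. The table, procedure and role names and the sample allow-list row are hypothetical, and it assumes the wrapper has separately been given the right to run xp_cmdshell.

```sql
-- Added example. Object names, the sample row and AppRole are hypothetical.
-- Assumes the wrapper has been granted the right to run xp_cmdshell (e.g. by
-- module signing); callers get EXECUTE on the wrapper only.
CREATE TABLE dbo.CmdAllowList (
    CmdKey   sysname       NOT NULL PRIMARY KEY,
    Template nvarchar(400) NOT NULL  -- fixed command text; {arg} is the only variable part
);
CREATE TABLE dbo.CmdAudit (
    AuditId  int IDENTITY  PRIMARY KEY,
    CalledAt datetime2     NOT NULL DEFAULT SYSUTCDATETIME(),
    Caller   sysname       NOT NULL DEFAULT ORIGINAL_LOGIN(),
    CmdKey   nvarchar(128) NULL,
    Arg      nvarchar(128) NULL,
    Outcome  varchar(10)   NOT NULL
);
-- Constructed sample entry: list one export folder by name.
INSERT dbo.CmdAllowList (CmdKey, Template)
VALUES (N'list_export', N'dir /b "D:\Exports\{arg}"');
GO
CREATE PROCEDURE dbo.usp_RunAllowedCmd
    @CmdKey sysname,
    @Arg    nvarchar(128) = NULL
AS
BEGIN
    SET NOCOUNT ON;
    DECLARE @Template nvarchar(400), @Cmd nvarchar(600), @rc int;
    SELECT @Template = Template FROM dbo.CmdAllowList WHERE CmdKey = @CmdKey;

    -- Check: unknown key, or an argument with any character outside
    -- A-Z a-z 0-9 _ . - (binary collation keeps the ranges exact), or "..".
    IF @Template IS NULL
       OR @Arg = N''
       OR @Arg COLLATE Latin1_General_BIN LIKE N'%[^A-Za-z0-9_.-]%'
       OR @Arg LIKE N'%..%'
    BEGIN
        INSERT dbo.CmdAudit (CmdKey, Arg, Outcome) VALUES (@CmdKey, @Arg, 'REJECTED');
        RAISERROR('Command not permitted.', 16, 1);
        RETURN 1;
    END;

    -- Log before running, then execute only the allow-listed template.
    INSERT dbo.CmdAudit (CmdKey, Arg, Outcome) VALUES (@CmdKey, @Arg, 'EXECUTED');
    SET @Cmd = REPLACE(@Template, N'{arg}', ISNULL(@Arg, N''));
    EXEC @rc = master..xp_cmdshell @Cmd;
    RETURN @rc;
END;
GO
GRANT EXECUTE ON dbo.usp_RunAllowedCmd TO AppRole;
```

Callers pass a key and at most one argument, never command text, so the application change is a single procedure name while the command line itself stays under the DBA's control.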