Felix is proud to announce SOC 2 certification and GDPR compliance.

Kristy Dale   |   August 31, 2023

In August 2023, Felix achieved SOC 2 Type 1 certification and GDPR compliance, an exciting moment for us as we continue to hold ourselves to the highest standards for data security.    

As Felix gains more and more interest from customers across the globe, it’s imperative that we uphold the security and privacy safeguards that are recognised internationally, including SOC 2 in North America, and GDPR in Europe.

 

What is SOC 2 Type 1 compliance? 

SOC 2 is a security framework developed by the American Institute of Certified Public Accountants (AICPA) to demonstrate the security processes and controls in organisations such as Felix. By being compliant, all our product and service-related systems meet industry-standard security and privacy protocols. SOC 2 focuses on five Trust Services Criteria (TSC) – security criteria, system availability, data confidentiality, and privacy requirements for handling personal information.  

To hold this compliance, companies must be audited by an independent certified public accountant who works with the company on an assessment and determines whether the company meets the appropriate standards established by the American Institute of Certified Public Accountants (AICPA). 

Being SOC 2 compliant shows that Felix has the governance, infrastructure, and systems in place to protect customer information from unauthorised access both from within and outside the company. 

 

What is GDPR? 

General Data Protection Regulation (GDPR) protects the privacy rights of individuals in the European Union (EU) and European Economic Area (EEA) by giving them control over how their personal data gets used online. It also sets specific rules and principles that businesses worldwide must follow to process that data legally.  

The GDPR outlines several rules and principles that organisations such as Felix must follow, and any breaches can result in harsh fines. Felix has always been open about what personal data we collect, and we process it only for the purposes explicitly specified in our Data Protection and Privacy Policies.

We now have more granular controls and safeguards to ensure our users' personal data will not be processed beyond the stated purposes unless further processing is considered compatible with the purposes for which the personal data was originally collected. We have also introduced the necessary processes to handle changes of consent, withdrawal of consent and other consent-related data requests.

Felix achieving GDPR compliance demonstrates how serious we are about protecting user data, as GDPR has higher requirements than those of the Australian Privacy Act (1998).

 

Our journey to SOC 2 and GDPR compliance 

In April 2023 we began the process for Felix to be recognised as compliant for SOC 2 Type 1 and GDPR. As we are already ISO 27001 certified, this foundation meant we could achieve compliance much faster as most of the groundwork was already done. 

The journey mostly involved developing new processes for data protection and privacy to align with the additional requirements of SOC 2 and GDPR. One major change to achieve GDPR compliance was the introduction of a more in-depth Privacy Impact Assessment during product development.  

The way AssuranceLab, our cybersecurity audit partner, conducts audits suited how Felix operates, speeding up the process. The audit was conducted in an agile manner and over the course of four months, various controls were progressively audited.  

Our audit was completed on 27 July 2023, and the report confirming that we achieved SOC 2 Type 1 certification status and GDPR compliance was released just three weeks after.

 

What’s next? 

Felix will be looking towards SOC 2 Type 2 certification in the next 12 months.   

While a SOC 2 Type 1 certification evaluates Felix’s cybersecurity controls at a single point in time, a SOC 2 Type 2 report will examine how well our system and controls perform over a period of time. Type 2 audits can take 12 months to complete and are more comprehensive.  

Learn more about Felix’s Security and Compliance measures, or contact us to learn more about how SOC 2 and GDPR compliance works and how we adhere to it. 

Kristy Dale
As our Product Marketing Manager at Felix, Kristy enjoys connecting with customers to understand their needs and expectations, driving innovative solutions to help the construction industry build a better way.