Felix Achieves SOC 2 Type II Certification | Felix Blog
In August 2023, we shared our excitement in achieving our SOC 2 Type 1 certification.
Today, we’re proud to announce a further significant milestone in our commitment to data security – and that’s our successful completion of the SOC 2 Type 2 certification.
This accomplishment highlights our operational excellence, and our dedication in ensuring the highest level of protection and compliance when it comes to safeguarding our customer information. This becomes of more and more important as Felix continues to expand on a global scale.
What is SOC reporting?
Service Organisation Control (SOC) reporting is a way for organisations to receive an independent, third-party certification saying that their internal controls and processes meet established standards, laws and regulation.
Felix has teamed up with AssuranceLab as our independent audit partner, and upon completion of our successful audit it’s confirmed that we are SOC 2 Type 2 compliant.
What’s SOC 2 compliance?
SOC 2 is a security framework developed by the American Institute of Certified Public Accountants (AICPA) to demonstrate the security processes and controls in organisations such as Felix. By being compliant, all our product and service-related systems meet industry-standard security and privacy protocols. SOC 2 focuses on five Trust Services Criteria (TSC) – security criteria, system availability, data confidentiality, and privacy requirements for handling personal information.
Felix had been audited by an independent certified public accountant who works with the company on an assessment and determines whether the company meets the appropriate standards established by the American Institute of Certified Public Accountants (AICPA).
Being SOC 2 compliant shows that Felix has the governance, infrastructure, and systems in place to protect customer information from a holistic manner across the company.
About SOC 2 Type 2 certification
SOC 2 Type 2 compliance evaluates how well an organisation’s systems and controls perform over a period of time, and for Felix this testing period took place from 1 August 2023 to 31 July 2024. The audit by AssuranceLab took three months to complete, where they diligently examined hundreds of controls and data points from the testing period. The Type 2 style audits for SOC 2 and GDPR validates Felix’s commitment to maintain high standard of security, availability, confidentiality and data protection.
What’s next?
Our SOC 2 Type 2 audit will be re-validated annually so that we continue to uphold our compliance. In the future, we will be investigating ways to improve and automate compliance processes and will look at introducing new innovations to ensure our compliance programs are run as effectively and efficiently as possible.
Learn more about Felix’s Security and Compliance measures, or contact us to learn more about our SOC 2 Type II certification.
Recent Articles
Building Brisbane, building the future: Reflections from FCON26
Last week I had the chance to attend FCON26 – the 6th annual Future of Construction Summit – held at the Royal International Convention Centre in Brisbane. Over two days, more than 1,000 construction industry professionals gathered to talk strategy, technology and the future of how Australia delivers.
Why your ERP is costing you more than you think: the case for purpose-built vendor management
Vendor management is mission-critical – so why are so many organisations trying to run it through a system that wasn't built for it?
.jpeg)
How to manage procurement risk across the supplier lifecycle
Procurement risk management is no longer a one-time onboarding task. In asset and capital-intensive industries, supplier risk shifts constantly as vendors move from planning through to delivery and renewal. When procurement is managed across spreadsheets, emails, and disconnected systems, visibility breaks down, data becomes outdated, and risk is harder to manage.
A lifecycle approach allows you to connect vendor onboarding, procurement planning, sourcing, and performance. This way, teams can strengthen their procurement risk management while supporting broader supply chain risk management and third-party risk management objectives.
