Felix is proud to announce that we are now SOC 2 Type 1 certified and GDPR compliant. SOC 2 Type 1 certification confirms and details the security and privacy safeguards we’ve implemented for our customers in compliance with the AICPA’s (American Institute of Certified Public Accountants) TSC (Trust Services Criteria). While GDPR protects the privacy rights of individuals in the European Union (EU) and European Economic Area (EEA) by giving them control over how their personal data gets used online. It also sets specific rules and principles that we must follow to process that data legally.
“Felix takes security and compliance very seriously. We are already ISO/IEC 27001:2013 certified, and now being SOC 2 Type 1 certified demonstrates how we continue to hold ourselves to the highest standards for data security.
SOC 2 and GDPR compliance is completely voluntary, but Felix felt it was important to achieve this compliance to prove our commitment to data protection for both our enterprise customers and vendors.” explained Felix’s Head of Professional Services and Governance and Chair of Felix’s Information Security Committee, Tony Chan.
What is SOC 2 Type 1 compliance?
SOC 2 is a security framework developed by the American Institute of Certified Public Accountants (AICPA) to demonstrate the security processes and controls in organisations such as Felix. By being compliant, all our product and service-related systems meet industry-standard security and privacy protocols. SOC 2 focuses on five Trust Services Criteria (TSC) – security criteria, system availability, data confidentiality, and privacy requirements for handling personal information.
To hold this compliance, companies must be audited by an independent certified public accountant who works with the company on an assessment and determines whether the company meets the appropriate standards established by the American Institute of Certified Public Accountants (AICPA).
Being SOC 2 compliant shows that Felix has the governance, infrastructure, and systems in place to protect customer information from unauthorised access both from within and outside the company.
What is GDPR?
General Data Protection Regulation (GDPR) protects the privacy rights of individuals in the European Union (EU) by giving them control over how their personal data gets used online. It also sets specific rules and principles that businesses worldwide must follow to process that data legally.
The GDPR outlines several rules and principles that organisations such as Felix must follow, and any breaches can result harsh fines. Felix had always been open on what personal data we collect and process them only for the purpose explicitly specified in our Data Protection and Privacy Policies.
We now have more granular controls and safeguards to ensure our users' personal data will not be processed beyond the stated purposes unless further processing is considered compatible with the purposes for which the personal data was originally collected. We have also introduced the necessary processes to handled changes of consent, withdrawal of consent and other consent related data requests.
What’s next?
Felix will be looking towards SOC 2 Type 2 certification in the next 12 months.
While a SOC 2 Type 1 certification evaluates Felix’s cybersecurity controls at a single point in time, a SOC 2 Type 2 report will examine how well our system and controls perform over a period of time. Type 2 audits can take 12 months to complete and are more comprehensive.
“The protection of our customer data is critical for us at Felix. We’re committed to maintaining our SOC 2 compliance, as well as our other security and compliance certifications and measures, as we continuously strengthen our platform to protect against the evolving cyber threat landscape,” says Tony.
You can visit our website to learn more about Felix’s Security and Compliance measures, or contact us to learn more about how SOC 2 and GDPR compliance works and how we adhere to it.
--ENDS--
