Rest assured that here at Felix we take security and compliance very seriously. When it comes to security, we are ISO/IEC 27001:2013 and SOC 2 Type 1 certified. For Data Protection and Privacy, we are audited to be compliant with the European Union's General Data Protection Regulation (GDPR) and the Australian Privacy Act (1988).
Here's what you need to know.
ISO/IEC 27001:2013 (also referred to as ISO 27001) is the international standard for information security, which looks at how organisations manage their information security by addressing people, processes and technology against standards and best practice approaches. Felix is ISO 27001 certified, which means we are recognised worldwide for having information security best practices, and we are continuously subject to audits and reviews to ensure our accreditation is upheld on an ongoing basis.
To meet this standard, there are various security and compliance measures we need to sustain, and below is the most important information that you need to know to ensure that your data is secure with Felix.
SOC 2 is a security framework developed by the American Institute of Certified Public Accountants (AICPA) to demonstrate the security processes and controls in organisations such as Felix. SOC 2 focuses on the five Trust Services Criteria: security, availability, confidentiality, processing integrity and privacy. A rigorous audit process by an Independent Service Auditor ensures Felix as a service provider stores and processes clients' data in a secure manner.
Felix uses an industry-leading Web Application Firewall (WAF) to carefully monitor traffic and filter traffic from unsecured or suspicious sources, ensuring the protection of your data.
End-to-end encryption is applied, so that a malicious attacker could not read content if they were to intercept a communication. We adhere to TLS (Transport Layer Security) 1.2, which is an encryption protocol designed to keep data secure when being transferred over a network, and across our application infrastructure.
For greater security and control when authenticating your Felix users, you can choose to enable SSO if you have a SAML 2.x compatible Identity Management platform (such as Microsoft Entra - formerly Azure AD). This allows your staff to log into Felix using their single set of corporate credentials.
Not only does this simplify access to Felix, SSO also enhances security by allowing you to enforce your authentication and password policies, and it simplifies user management compliance in your cyber security programs.
Learn more about SSO for Felix.
Felix has various network security controls that cover security design and requirements, network segregation, wireless and public networks, remote access and perimeter security. Through the utilisation of these controls, you can take comfort in knowing that effective measures are in place that allow Felix to deliver SaaS services to you and your vendors on a protected network.
Felix uses advanced cybersecurity software to shield against the most advanced cyberthreats. With our cybersecurity partners, Felix customers can trust that they are getting the best malware protection across their computers and devices. There are also vulnerability management controls met by Felix in this space, including Technical Vulnerability and Anti-Malware.
Felix is designed with Information Security in mind, reducing the possibility of a malicious attack on our application. The following practices and processes make Felix difficult for malicious attackers to exploit:
When deploying software releases and updates, we follow a series of measures to ensure that information security requirements and measures are met.
A secure deployment policy is in place and secure engineering principles are established. This includes meeting Secure Development Standards, having a secure development environment, using system security/acceptance testing and adhering to principles for engineering secure systems.
We have adopted secure application services and application services transaction best practices, and frequently conduct technical reviews of applications after operating platform changes and implement system control procedures.
You can have peace of mind in knowing we have stringent backup procedures and requirements, including having a cloud-based backup to ensure we can recover our services should a disaster occur.
Our Business Continuity plans ensure a level of resilience against major adverse events to minimise impacts to our clients should these events occur.
As the leading vendor management and procurement platform, we are committed to protecting our customer data. If you do have any security concerns, please report them to us so we can attend to them straight away.
If you're looking to contact us about other matters, please contact us.