SOC2 readiness
Controls structured for enterprise assurance.
Commandix is being prepared around SOC2 Trust Services Criteria. This page describes readiness work, not an issued SOC2 report.
| Trust area | Current readiness controls |
|---|---|
| Security | Tenant isolation, RBAC, MFA support, OAuth, password policy, account lockout, session tracking, CSRF protection, rate limiting, hardened headers, CrowdSec, audit logs, and security event logging. |
| Availability | Nginx edge, PM2 clustered API workers, production smoke checks, restart controls, backups and monitoring to be documented with operating evidence. |
| Confidentiality | Role-limited views, tenant-scoped files, GUID storage folders, restricted admin access, encryption for integration secrets, and responsible disclosure path. |
| Processing integrity | Input validation, tenant-reference validation, audit logging for critical changes, status history, task dependency rules, and transaction use for sensitive updates. |
| Privacy | Privacy policy, GDPR request intake, authenticated data export, subprocessor disclosure, cookie policy, DPA overview, and retention documentation. |
Need a security review packet?
We can provide current architecture, control narrative, subprocessors, and readiness documentation during procurement.