SECURITY AND COMPLIANCE OVERVIEW
1. Purpose and Scope
This Security and Compliance Overview is intended to support Client diligence conversations by summarizing FixedOps Innovations' current security approach, platform safeguards, access control model, vendor management practices, incident response position, and compliance roadmap. It is designed to be business-readable and does not disclose sensitive implementation details, internal remediation records, source code, database schema, or operational playbooks.
This document should be read together with the Master Services Agreement, Data Processing and Security Addendum, Service Level Agreements, Support Policy, Deployment and Configuration Guide, and Subprocessors and Service Providers document, as applicable.
2. SOC 2 Status and Compliance Roadmap
FixedOps Innovations, LLC is currently undergoing its SOC 2 Type 1 assessment, with controls being organized around the Security, Availability, and Confidentiality trust services criteria. This work is ongoing, and FixedOps Innovations, LLC does not represent that SOC 2 Type 1 or SOC 2 Type 2 has been completed until the applicable assessment is finalized.
As part of its current SOC 2 Type 1 assessment and scheduled progression toward SOC 2 Type 2, FixedOps Innovations, LLC is actively formalizing, reviewing, and improving its security controls, operating procedures, documentation, vendor management practices, access control processes, logging, and incident response practices.
The SOC 2 process is being used as a practical framework for documenting control design, collecting evidence, improving operating discipline, and supporting customer and Client trust as the platform matures.
3. Platform and Infrastructure
FixedOps Innovations, LLC uses managed cloud infrastructure and modern application architecture to deliver the FixedOps Innovations platform. The platform is hosted using Vercel for application hosting and related server-side application services, and Supabase for database, authentication, storage, backend services, and related platform services.
FixedOps Innovations, LLC's use of managed cloud providers is intended to reduce operational risk associated with self-managed infrastructure while allowing FixedOps Innovations, LLC to focus on application security, access controls, data handling, vendor management, and operational processes. Other material providers that may process Client Data or Customer Information are identified in FixedOps Innovations, LLC's Subprocessors and Service Providers document.
4. Data Protection
FixedOps Innovations, LLC and its approved service providers use industry-standard encryption safeguards designed to protect Client Data and Customer Information in transit and at rest. FixedOps Innovations, LLC reviews vendor security documentation as part of its vendor management process and relies on approved service providers that maintain appropriate encryption, access control, and security practices for the services they provide.
FixedOps Innovations, LLC manages sensitive credentials, API keys, and similar secrets through secure environment and secrets-management practices. Privileged credentials are not exposed to end users and are intended to be used only by authorized server-side systems and approved operational processes.
FixedOps Innovations, LLC is continuing to formalize data handling practices as part of its SOC 2 Type 1 assessment and scheduled progression toward SOC 2 Type 2, including practices related to access control, vendor review, incident response, and operational documentation.
5. Authentication and Access Control
FixedOps Innovations, LLC uses layered access controls, including role-based access control, authorized data scoping, and database row-level security where applicable. User access is intended to be limited based on job responsibilities, Authorized Location or Authorized Location scope, and operational need.
The FixedOps Innovations access control approach is designed to support least-privilege principles, separation of responsibilities, and auditable authorization decisions. FixedOps Innovations, LLC is continuing to formalize authorization review practices, access control documentation, and related evidence collection as part of its SOC 2 program.
| Control Area | Client-Facing Summary |
|---|---|
| Authentication | Users authenticate through controlled application access mechanisms. Sessions and access are validated before protected application activity is permitted. |
| Role-Based Access Control | Access is assigned according to role, capabilities, and authorized operational responsibilities. |
| Data Scoping | Access is intended to be limited to authorized Client, Authorized Location, or operational context. |
| Database-Level Controls | Database row-level security is used where applicable as part of a layered access control model. |
| Ongoing Improvement | Access control practices, documentation, and review procedures are being formalized through the current SOC 2 process. |
6. Employee and Contractor Access
FixedOps Innovations, LLC limits employee and contractor access to systems and information based on role, business need, and least-privilege principles. As part of its SOC 2 Type 1 assessment and scheduled progression toward SOC 2 Type 2, FixedOps Innovations, LLC is formalizing access review practices to help ensure access remains appropriate over time.
Personnel and contractor access is intended to be granted only where reasonably necessary to provide, support, secure, administer, or improve the FixedOps Innovations platform and related services.
7. Logging and Monitoring
FixedOps Innovations, LLC maintains logging and monitoring practices designed to support security operations, troubleshooting, operational review, incident investigation, and auditability. As part of its current SOC 2 Type 1 assessment and scheduled progression toward SOC 2 Type 2, FixedOps Innovations, LLC is continuing to formalize logging, monitoring, and review practices.
Logging and monitoring practices are intended to support operational visibility, issue investigation, security review, and evidence collection without disclosing sensitive implementation details in customer-facing materials.
8. Vendor Management and Subprocessors
FixedOps Innovations, LLC uses approved service providers and subprocessors to help deliver, secure, host, support, and administer the platform. As part of its vendor management process, FixedOps Innovations, LLC reviews relevant vendor security documentation and evaluates service providers based on their role, data access, and operational importance.
FixedOps Innovations, LLC maintains a Subprocessors and Service Providers document identifying material providers that may process Client Data or Customer Information on behalf of FixedOps Innovations, LLC. That document should be used as the primary public-facing reference for material providers used in connection with the FixedOps Innovations platform.
9. Incident Response
FixedOps Innovations, LLC is formalizing incident response practices designed to support identification, investigation, containment, remediation, documentation, and appropriate notification of security incidents. Where an incident involves Client Data or Customer Information, FixedOps Innovations, LLC will provide notice in accordance with applicable law and applicable contractual obligations.
Incident response practices are being developed as part of the broader FixedOps Innovations security and compliance program and are intended to support timely coordination, evidence preservation, root-cause review, and appropriate communication with affected parties.
10. Availability and Service Continuity
FixedOps Innovations, LLC uses managed cloud infrastructure and commercially reasonable operational practices designed to support platform availability and resilience. Availability objectives, dependencies, exclusions, maintenance, support coordination, and related operational commitments are described in the Service Level Agreements.
Because FixedOps Innovations services may depend on Client systems, Management Software access, network connectivity, approved service providers, and other third-party systems, availability and continuity obligations should be read together with the Service Level Agreements and Deployment and Configuration Guide.
11. Client Responsibilities
Security is a shared responsibility. Client is responsible for maintaining the security of its own systems, users, credentials, Management Software access, workstations, printers, network environment, and third-party relationships. Client is also responsible for providing accurate data, managing its authorized users, and cooperating with reasonable deployment, support, security, and incident-response activities.
Client responsibilities are further described in the Master Services Agreement, Deployment and Configuration Guide, Support Policy, and related service documents.
12. Summary
FixedOps Innovations, LLC is building its security and compliance program around practical operational controls, managed cloud infrastructure, layered access controls, vendor review, data protection practices, logging and monitoring, incident response, and SOC 2-aligned control formalization.
This overview is intended to provide Clients with a clear, current, and appropriately scoped view of the FixedOps Innovations security and compliance position while the company completes its SOC 2 Type 1 assessment and progresses toward SOC 2 Type 2.
Related Documents
- Master Services Agreement
- FixedOps Innovations Data Processing and Security Addendum
- Service Level Agreements
- FixedOps Innovations Support Policy
- FixedOps Innovations Deployment and Configuration Guide
- FixedOps Innovations Subprocessors and Service Providers