Commandix guide
Security and Compliance Operations
Commandix includes application controls that support GDPR readiness and SOC 2 operating discipline. This chapter explains what admins should use regularly.
Last updated July 8, 2026
Admin checklist
- Require MFA for privileged users and encourage MFA for all users.
- Use OWNER sparingly. Use MEMBER plus unit manager/head or section access when possible.
- Review login events for repeated failures, MFA failures, and unusual user agents.
- Export audit logs for compliance reviews and incident investigations.
- Use section access for least-privilege visibility.
- Use Microsoft 365 or Google Workspace imports to reduce stale user administration.
- Disable or delete users promptly after departure.
- Use privacy export and privacy request intake for data-subject workflows.
Evidence sources inside Commandix
| Evidence | Where | Why it matters |
|---|---|---|
| Activity audit logs | Settings -> Audit -> Activity Log | Shows create, update, and delete events with actor, entity, details, and timestamps. |
| Login events | Settings -> Audit -> Login Events | Shows authentication success/failure, MFA failures, IP address, and user agent. |
| Security events | Profile and backend security event records | Captures password changes, session revokes, and account security actions. |
| Privacy requests | Profile -> Privacy request intake | Creates a trackable request record for GDPR-style workflows. |
| Personal data export | Profile -> Privacy export | Supports access and portability requests. |
| Role and section access | Settings -> Users | Supports least privilege and access review evidence. |
Help site security
The help center is static and served independently from the application runtime. It should be delivered over HTTPS, with security headers, a restrictive content security policy, no server-side login surface, and no writable application endpoints.