Privacy and Security in the cloud

The security and well-being of our customers underpins everything we do.

Having deployed SmartSimple in some of the most security conscious organizations in both public and private sectors, we continually pursue stronger security standards.

This experience goes to benefit all of our customers as we apply the same rigorous approach to security throughout our platform and organization.

SmartSimple adheres to industry leading compliance and audit standards for your peace of mind.

Compliance in the cloud

  • SmartSimple and its hosting partners are SOC 2 certified (SOC 2 is the most recognized compliance criteria for cloud vendors around the world).
  • SmartSimple maintains compliance certifications for SOC 1/SSAE 16/CSAE 3416/ISAE 3402 (formerly SAS70) and SOC 2.
  • SmartSimple is compliant with the standards for PCI DSS Level 3 and FIPS 140-2 encryption.
  • In February 2016, SmartSimple achieved a FedRAMP Authority to Operate (ATO) at the moderate impact level issued by the US Department of Defense.
  • SmartSimple supports both two-factor authentication and single sign-on integration for enhanced authentication.
  • Information is encrypted at rest and in motion for increased security.

Security in the Cloud is a Shared Responsibility

While we ensure our platform's security and the protection of your information, we all bear a responsibility throughout your data’s life cycle.

We can safeguard the data that you store with us, but we have no control outside our environment. Therefore, it is important that you evaluate your own security policies and consider how your users access your system, how the data is used, and the physical security of your own site and hardware.

To really understand why security is a shared responsibility, you need to know the difference between two key concepts:

  • Security of the Cloud – these are the security measures that we, your cloud service provider, implement.
  • Security in the Cloud – these are the security measures you, our client, implement to safeguard your content and applications.

To make it simple, we’ve created a graphic that outlines exactly what each of us is responsible for.

View our Privacy is a Shared Responsibility document.

Download the Security Checklist

Better together

Security requires a systematic approach; everyone needs to do their part. By working together, being aware of security best practices, and taking appropriate action, we create a safe, secure environment in the cloud.

SmartSimple is SOC 1 and SOC 2 Compliant

We subscribe to a high level of testing, training and compliance that ensures we meet very stringent standards, set by unbiased outside auditors. These professional auditors independently verify and certify that we are following regulated guidelines and are meeting our commitments. We are Service Organization Control (SOC 1 and SOC 2) compliant.

Our Shared Responsibility for Data Privacy in the Cloud

Like security in the cloud, privacy in the cloud is a shared responsibility between you and SmartSimple. While you are a SmartSimple client, we become a custodian of your data. That means we store your data and ensure that only those with the correct permissions have access to it within your SmartSimple system.

SmartSimple's Role

SmartSimple's role is to be your trusted SaaS provider, hosting and managing your data in a secure fashion.

SmartSimple will never move, alter, edit or delete any of the data in a client’s system. While we can be engaged to assist you with such activities, our role is simply to store the data you upload to your system. While we will accommodate your organization’s privacy policies, we are not in the position to properly govern or moderate them for you.

The Client's Role

As a SmartSimple client, you have complete control of your data and your data access policies. For that reason, it’s important that you have and are able to enforce your own privacy policy. And, since you know exactly how you gather your data and what kind of data you collect from your community, you will need to decide how accessible it should be and who can have access to it.

This means you’re required to manage the integrity of your data, making sure that what is being shared with us is only what needs to be, or should be, shared. Based on the sensitivity of the data you collect (for example, if you collect banking information, employment details or intellectual property), you will also need to decide who has permission to access, amend or remove any data from within your system, and whether you will need a dedicated server as opposed to shared server hosting.

To fully understand the shared responsibility of data privacy, please read our Data Privacy - A Shared Responsibility between SmartSimple and the Client.

For SmartSimple’s own privacy policy, please visit the privacy section of our website.
