SmartSimple Blog

Is Your Software Provider Committed to Keeping Your Information Secure?

Posted by SmartSimple Software on Feb 18, 2022 11:27:59 AM

Software Provider Security

Here’s a chilling statistic: In 2021, there were 28,695 vulnerabilities disclosed. That’s the highest number on record, with 4,108 of those remotely exploitable.

Data breaches surface in the news every day, and the threat to landscape is continuously evolving, with trends from social engineering attacks to human-operated ransomware on the rise. The surge in remote work, prompted by the pandemic, has been accompanied by a surge in cyberattacks. Whether your organization is public or private, an academic institution or a large corporation, a government agency or a family foundation, no doubt you’re invested in protecting your information assets at all costs. But if you are currently working with or searching for a cloud-based process/workflow automation software provider, how can you be certain that your data will remain safe?

One crucial way that software providers back up their commitment to information security is with widely recognized security certifications. For example, SmartSimple and its hosting partners are SOC 2 Type II compliant, the most globally recognized data-privacy compliance criteria for cloud vendors. In addition to the SOC2 Type II we also maintain compliance reports for SOC 2/ SOC2 + HITRUST Mapping/ SOC 1/ SSAE 16/ CSAE 3416/ ISAE 3402 (formerly SAS70), which pertains to internal controls over financial reporting.


SmartSimple adds ISO 27001 certification

In June 2021, we announced that we had achieved ISO/IEC 27001:13 certification (ISO 27001 for short), the international gold standard for information security management systems (ISMS). ISO 27001 adds to our continuing efforts to ensure the safest information security environment. Clients can validate our certification is current through the British Standards Institution (BSI) website here.


Why is ISO 27001 so important?

Established by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), ISO 27001 zeroes in on an organization’s Information Security Management System (ISMS): that is, the controls it has in place to manage and protect sensitive data. ISO 27001 outlines detailed requirements around the implementation, maintenance and continual improvement of an ISMS, as well as the organization’s ability to assess and respond to information security risks.

“Securing information properly is a challenge that requires careful management of people and assets through the application of clear policies and procedures,” says security specialist Michelle Drolet, for CSO Online. “Unfortunately, many businesses lack the expertise needed to ensure that information security is a reality. [ISO 27001] certification is a clear signal to everyone you do business with that you take data security seriously and that their data is safe with you.”

Companies that are ISO 27001 certified demonstrate that their ISMS meets the highest international standards for information security—and that they are committed to improving on those standards. In fact, according to ISO 27001, information security must inform every decision made by management, not simply every decision made by the IT team. To achieve this certification, information security must be at the centre of the organization’s business practices.


Working with an ISO 27001–certified software provider gives you peace of mind

In today’s data environment, bad actors are lurking around every corner. To fend off information security risks of all kinds, ISO 27001 specifies a large number of controls—114, to be exact—that an organization needs to have in place. These controls are organized into 14 categories, including information security policies, human resource security, asset management, cryptography, physical and environmental security, operations security, communications security, supplier relationships, and information security incident management. The bar is very high, but that’s good news for you, the client.

When you’re working with or considering a software provider that has achieved ISO 27001 certification, like us, you can be confident that:

  • Its ISMS is integrated with the company’s processes and overall management structure;
  • The company takes information security into careful account in the design of its processes, information systems and controls;
  • It systematically assesses its vulnerabilities to information security risks and the potential impacts of those risks;
  • The company maintains a robust suite of information security controls to address unacceptable risks;
  • Its ISMS ensures that these controls will continue to adapt and evolve to meet the company’s changing information security requirements.

Unfortunately, there’s no relief in sight from the steady parade of data breaches. Choosing a grants management software provider that’s ISO 27001 certified is an important way to protect your organization from an unwanted appearance in yet another bad-news story.


Learn more about our secure solutions

To learn more about how we keep your data safe in the cloud, go to our Security & Privacy page.

To schedule a SmartSimple Cloud solution demo, fill out a request form online.

For more information about our information security standards, you can visit

Recent Posts

Posts by Tag