Cybersecurity Awareness Month reminds us that threats are constantly on all of our doorsteps. Learn about what we’re doing to protect you.
In a world where our collective cyber footprint continues to grow in the face of ever-present threats, cybersecurity has become a focal point that we all must keep an eye on.
How SmartSimple is Protecting you
Strong cybersecurity has always been a foundational element to how we operate. We work with many global foundations, government agencies, corporate entities, and research institutions, many of whom work with sensitive and confidential data. These organizations hold us to a higher standard, and we’re committed to ensuring they have peace of mind knowing they are working in a safe cyber environment.
Over the years we’ve released scores of enhancements to the SmartSimple Cloud platform to evolve with emerging cybersecurity threats. We’ve also attained certifications that ensure we are operating at the highest level of security standards.
Here are just some of the things we’re doing to protect our clients.
Certifications and Standards
Over the years, we’ve spent a great deal of time performing audits and acquiring relevant certifications that ensure we are applying best practice in how we manage information security.
Internationally recognized, ISO 27001 is a certification that outlines a set of standards [1] around ‘establishing, implementing, operating, monitoring, reviewing, maintaining and improving an information security management system.’ We were ISO 27001 certified by the British Standards Institute (BSI) in 2021.
Certification confirms that an organization adheres to and is compliant with the standards outlined.
SOC II Type 2
The SOC (System and Organization Controls) is an audit report that verifies that an organization complies with a set of standards developed by the American Institute of CPAs on how customer data should be managed. These include: security, availability, processing integrity, confidentiality and privacy.
Pursuing SOC compliance is completely voluntary on the part of the vendor, but more organizations are requiring it from their partners.
We maintain a SOC II Type 2 internal controls report, a more rigorous set of internal controls than a standard SOC I and SOC II. This monitors how we safeguard customer data, and how effectively those controls are operating over a period of time.
SmartSimple is audited annually by a third-party assessor (Deloitte), and we’ve maintained SOC II compliance since 2014.
The SmartSimple Trust Portal
The SmartSimple Trust Center is an information hub where clients can access a full library of compliance information relating to SmartSimple.
Within the Trust Center is the Trust Portal, a one-stop destination where clients and prospective clients have seamless access to practices, policies, reports, and procedures relating to areas like privacy, security, and compliance.
The Trust Portal is broken up into five broad categories for easy access: Security, Privacy, Compliance, Agreements, and System Status.
As one of the first in the industry to offer a trust center and self-serve Trust Portal, we’re committed to pushing the industry forward to better support our clients with the resources they need to ensure they are working with the right partner.
You can read more about the SmartSimple Trust Center here.
CyberGRX Vendor Risk Management
For many of our clients, third-party vendor risk management assessments are integral to their commitment to the cyber safety of their stakeholders. But third-party risk assessments can be a challenging, time-consuming process.
To help alleviate some of this burden, SmartSimple partners with CyberGRX Vendor Risk Management Services.
Through our partnership, clients can use the Framework Mapper feature, which allows them to map SmartSimple’s various assessments to commonly used industry frameworks and standards to instantly gain visibility into controls coverage.
You can read more about how we use the CyberGRX Vendor Risk Management Model to better support our clients here.
Helpful Cybersecurity Awareness Month Resources
Most in the general public may not be aware, but every year since 2003, October has been recognized as Cybersecurity Awareness Month (CSAM). While CSAM hasn’t captured headlines in the same way as other, more publicized causes, it’s becoming an increasingly important part of the calendar.
Spearheaded by the US Department of Homeland Security and the National Cyber Security Alliance [3], CSAM is just one of several auspicious dates [4] throughout the year that promote cybersecurity awareness.
As the name suggests, the objective of CSAM is to promote vigilance and ensure that every individual is taking proper steps to stay safe and secure online.
The Cybersecurity & Infrastructure Agency (CISA) has a number of helpful resources that share best practices and tips on how to ensure you are taking the necessary precautions to protect yourself from cyber threats.
CISA Cybersecurity Awareness Month Toolkit - This is a helpful primer for both individuals and organizations that covers the basics of cybersecurity. It also offers helpful tips on how to bring greater awareness around cybersecurity in your organization.
Cybersecurity 101 - This is a handy document that you can share with members of your team. It provides tips and reminders on cybersecurity best practices.
Learn more about how SmartSimple can help keep you and your people safe from Cyber Threats
The Internet is bombarded with 2,200 cyber attacks a day [5]. The threats are real and they pervade every corner of cyberspace.
If you’d like to learn more about what we do to protect all our clients from these threats, contact us to schedule a time to chat.