Having deployed SmartSimple Cloud in some of the most security-conscious organizations in both public and private sectors, we continually pursue stronger security standards.
This experience goes to benefit all of our customers as we apply the same rigorous approach to security throughout our platform and organization.
While we ensure our platform's security and the protection of your information, we all bear a responsibility throughout your data’s life cycle.
We can safeguard the data that you store with us, but we have no control outside our environment. Therefore it is important that you evaluate your own security policies, consider how your users access your system, how the data is used, and the physical security of your own site and hardware.
Read our documents:
To really understand why security is a shared responsibility, you need to know the difference between two key concepts:
Security of the Cloud – these are the security measures that we, your cloud service provider, implement.
Security in the Cloud – these are the security measures you, our client, implement to safeguard your content and applications.
Security requires a systematic approach; everyone needs to do their part. By working together, being aware of security best practices, and taking appropriate action, we create a safe, secure environment in the cloud.
We subscribe to a high level of testing, training and compliance that ensures we meet very stringent standards, set by unbiased outside auditors. These professional auditors independently verify and certify that we are following regulated guidelines and are meeting our commitments. We are Service Organization Control (SOC 1 and SOC 2) compliant.
Like security in the cloud, privacy in the cloud is a shared responsibility between you and SmartSimple. While you are a SmartSimple client, we become a custodian of your data. That means we store and ensure that only those with the correct permissions have access to the data you store within your SmartSimple system.
SmartSimple's Role is to be your trusted SaaS provider, hosting and managing your data in a secure fashion.
SmartSimple will never move, alter, edit or delete any of the data in a client’s system. While we can be engaged to assist you with such activities, our role is simply to store the data you upload to your system. While we will accommodate your organization’s privacy policies, we are not in the position to properly govern or moderate them for you.
This means you’re required to manage the integrity of your data, making sure that what is being shared with us is only what needs to be, or should be, shared. Based on the sensitivity of the data you collect - for example, if you collect banking information, employment details or intellectual property, you will also need to decide who has permission to access, amend or remove any data from within your system, and whether you will need a dedicated server as opposed to shared server hosting.
To fully understand the shared responsibility of data privacy, please read our Data Privacy - A Shared Responsibility between SmartSimple and the Client