Skip to content

Trust & Security Center

Connecting you to our latest security, compliance, privacy and legal information.


SmartSimple collects, holds, and processes various kinds of data, many of which are confidential, protected, or sensitive information. To protect against unauthorized access, data breaches, and other security threats, we maintain a formalized and rigorous security program designed to ensure the security and integrity of your data.

We are obligated under various data protection legislation to have in place an institutional framework designed to ensure the security of all confidential data during its lifecycle, including clear lines of responsibility.

To assist your compliance and legal teams assess and validating our ability to meet the compliance requirements of your organization we provide self-serve access to the following compliance resources within our Trust Portal.

Access our risk assessments



CyberGRX apply a dynamic and comprehensive approach to third-party risk assessment, replacing outdated static spreadsheets. This third-party risk evaluation provides advanced capabilities by integrating our platform responses with analytics, threat intelligence, and sophisticated risk models, based on known breach kill chains, to provide an in-depth view of our security posture.


Customers can use the Framework Mapper feature which will allow them to map SmartSimple’s assessment to commonly used industry frameworks and standards to instantly gain visibility into controls coverage.


Access the SmartSimple CyberGRX Assessment.



Third-party audits and certifications



ISO 27001
ISO 27001 is a globally recognized, standards-based approach to security that sets out the specification for an information security management system (ISMS). The ISMS standard takes a best-practice approach that helps organizations in managing their information security environment by focusing on people, processes, and technology.


Validate our ISO 27001 Certification.



SOC reports — Our System and Organizational Controls (SOC) Report provides information about our controls environment and may be relevant to your internal controls.  The purpose of these reports is to help you and your auditors understand our control environment that supports operations and compliance.  The SOC reports are independent assessments of our control environment by a third-party auditor (Deloitte).



The SOC 1 report addresses our internal controls over financial reporting and reports the findings at a particular point in time.


Register to access our SOC Report.





SOC 2 Type II
The SOC 2 report is built around defined IT service parameters and examines our controls over the following five Trust Service Criteria: Privacy, Confidentiality, Processing Integrity, Availability, and Security. This report confirms we have the appropriate controls in place and that these controls are functioning over a duration of time.


Register to access our SOC2 Report.





SOC 2 + HITRUST Mapping
AICPA and HITRUST have collaborated to guide the mapping of the HITRUST CSF to Trust Services Criteria (specifically to Security, Availability, Privacy, and Confidentiality), enabling a single SOC 2 + HITRUST report.


Register to access our this report.



Other reports



The G-Cloud framework is a procurement vehicle provided by the UK government that connects cloud-based service providers to public-sector bodies in the United Kingdom.


View our G-Cloud Profile.