Skip to main content

Platform Security

Updated

Overview

SmartSimple manages client data with the highest level of integrity. Security features and functionalities are integrated at all levels of our system, ranging from administrative controls to encrypted servers securely housed within a SSAE 16 (formerly SAS 70*) data center.

Our internal system security operates on a two-tier model:

  • User access is primarily hierarchical and can be further restricted by role; field-level security is also role-based.
  • Manager permissions govern access to higher-level functions within the system.

The following chart provides a comprehensive overview of our security licenses and features:

Certifications, Memberships & Compliance
  • SmartSimple and its hosting partners are all SOC 2 certified.
  • SSAE 16 (The United States)*
  • CSAE 3416 (Canada)
  • FS-ISAC (Financial Services - Information Sharing and Analysis Center)
Encryption & Protection
  • SHA 256 Password Encryption
  • SSL (128/1024) Encryption
  • Closed ports; otherwise, communication occurs via HTTP port 80 or HTTPS port 443.
  • All outward-facing URLs (external sign-ups, logins, or other entries) are encrypted.
  • Encrypted servers (providing protection from "bare metal attacks").
  • DDoS shield.
Role-Based Permissions
  • The creation of user roles defines levels of access, which is a central feature of the SmartSimple platform.
  • This user-level control ensures that information is accessible only to authorized individuals.
  • Access policies can be configured to be as granular as necessary.
  • See Also: Organization-Based Security
Applicant Screening

We have incorporated comprehensive screening options through OFAC and GuideStar™.

Additionally, we integrate with international tax authorities to verify charitable status:

  • The Internal Revenue Service (IRS)
  • The Canadian Revenue Agency (CRA)
  • The Australian Business Register
  • Charity Commissioners (UK)
System LockdownUpon the first indication of a security breach attempt, your SmartSimple instance can be placed on lockdown, ensuring that access is restricted to individuals addressing the security concern.
Forensic AuditingWith your consent, SmartSimple can monitor system usage and provide you with detailed access reports. This may assist in identifying any unauthorized access resulting from issues such as shared passwords and malicious data manipulation.
Reader Log and Field Change TrackingAll field changes are tracked and are subject to audit.
Two-Factor AuthenticationEnhance the security of your organization and system by requiring an additional layer of user verification beyond a username and password. Two-factor authentication significantly reduces the risk of online identity theft and fraud.
  • SSAE 16 supersedes the Statement on Auditing Standards (SAS) No. 70, providing professional guidance for conducting a service auditor's examination.
  • Our hosting server, AWS (Amazon Web Services), is FedRAMP authorized, adheres to ISO 27001 best practice guidelines, and is a PCI DSS Level 1 Service Provider.

Was this article helpful?

0 out of 0 found this helpful
Return to top

Helpful Links