SmartSimple is now SOC 2 Compliant

SmartSimple is proud to announce that we are now a Service Organization Control (SOC) 2 compliant organization. 

SOC 2 is the most recognized and relevant standard for cloud security in the world, and it’s a reflection of our dedication to maintaining the highest level of security standards for our clients.

“SOC 2 is the standard many organizations hold their vendors to. It shows we’re on the leading edge of governance practices,” says Cameron McLean, President of SmartSimple. “We’re also currently the only Software as a Service (SaaS) provider in the grants and research management space that has achieved this level of certification.”

SOC 2 builds on top of our compliance frameworks and concentrates on non-financial reporting controls as they relate to the security, availability, and processing integrity of the SmartSimple system. These reporting controls are commonly known in the industry as the Trust Service Principles, and outlines the standards needed to qualify for SOC 2 certification.

Trust Service Principles

  1. Security: The system is protected, both logically and physically, against unauthorized access.
  2. Availability: The system is available for operation and use as committed or agreed to.
  3. Processing Integrity: System processing is complete, accurate, timely, and authorized.
  4. Confidentiality: Information that is designated “confidential” is protected as committed or agreed.
  5. Privacy: Personal information is collected, used, retained, and disclosed in conformity with the commitments in the entity’s privacy principles put forth by the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accounts (CICA).
SmartSimple’s impartial third-party audit was conducted by Deloitte, a global leader in Enterprise Risk Management.

“A SOC 2 audit is a rigorous, independent review that provides assurance on security, availability, and processing integrity,” says Mark Varma, Senior Manager, Enterprise Risk at Deloitte. “SmartSimple’s SOC 2 certification will help build trust and confidence in their service delivery processes and controls.”

Visit the Security & Privacy page of the SmartSimple website to find more information about the roles and responsibilities we and our clients’ adhere to. Plus, you’ll gain an improved understanding about the shared responsibility of SaaS vendors and clients in the cloud.

Comments

Popular posts from this blog

Introducing 24/5 Technical Support

SmartSimple Attends the Conference Board of Canada’s Corporate Social Responsibility Conference

Dedicated vs. Non-Dedicated Servers – What’s best for me?