Security, privacy, and compliance

Protect your people and your data at every step

security-compliance-popular-feature-graphic

Dig deeper: Not all software security is the same

Simpplr protects your data with enterprise-grade security verified by independent auditors. At Simpplr, information security is one of our first requirements.

CERTIFICATIONS

Compliance certifications and memberships

SOC2-Type2

SOC 2 Type 2

ISO 27001

Data Privacy Framework

DPF

Reduce risk with a unified platform

It’s easier to defend a smaller threat surface because fewer apps mean fewer points of attack. Intranet, newsletters, surveys, mobile apps, and emergency communications are all under the same roof.

Ensure audited enterprise-grade security

If applications have security gaps, their underlying data center certifications don’t matter. Simpplr is one of the few vendors in this space to maintain ISO 27001 and SOC 2 certifications for our own operations as well as to require them of our subprocessors.

Count on guaranteed 99.99% availability

Simpplr has built out a high-availability architecture and pays a premium for hosting infrastructure so we can contractually guarantee 99.99% availability.

Enterprise-level encryption

Rely on Simpplr to deliver encrypted data in transit and at rest using TLS 1.2 and AES 256.

Role-based access control (RBAC)

Control who sees what content and who can create content using audiences integrated from your HR or identity system.

Single sign-on (SSO)

Integrate to Azure AD, Google Workspace, Okta, OneLogin, and other identity providers via SAML and SCIM.

Trust in Simpplr for industry compliance across the board

ISO 27001

Simpplr is ISO 27001:2013 certified annually. An independent firm accredited by the ANAB standards body certifies that the Simpplr information security management system (ISMS) contains comprehensive policies and procedures to manage information risk. Note that a SOC 2 audit of a software vendor itself, in addition to audits of any subprocessor or cloud platform on which it operates, is required to validate that a vendor securely operates their ISMS.

SOC 2

Simpplr annually undergoes a SOC 2 Type 2 audit. An independent auditor regulated by the AICPA investigates our operations during a 12 month period and attests to the effectiveness of our security controls. SOC 2 attestation reports may be shared under NDA. We provide quarterly bridge letters to cover the period since the last SOC 2 audit. Our subprocessors also hold SOC 2 Type 2 attestation certificates.

SOC 3

SOC 3 reports are similar to SOC 2, but they contain less detail and may be shared publicly without an NDA. The SOC 3 is a report of internal controls over security, availability, processing integrity, and confidentiality. Both SOC 2 and SOC 3 reports are conducted according to SSAE 18 standards, as outlined by the AICPA. Both reports involve an audit and rigorous testing of an organization’s security controls. Note that bridge letters are not generated for SOC 3 reports. 

TRUSTe Data Privacy Framework (DPF) verification

Companies that display the TRUSTe Privacy Verified seal have demonstrated that their privacy programs, policies, and practices meet the requirements of EU-U.S. and Swiss-U.S. Data Privacy Framework principles. Companies verified to the Data Privacy Framework Principles are considered in compliance with the UK Extension to the EU-U.S. Data Privacy Framework.

TRUSTe Dispute Resolution

Simpplr participates in the TRUSTe online Privacy Dispute Resolution program which lets users report potential violations of posted privacy statements and specific privacy issues that pertain to TRUSTe clients. TRUSTe investigates all eligible complaints and mediates solutions between users and clients.

GDPR

Simpplr helps organizations meet their GDPR compliance requirements through features such as retention policies, data subject access requests, and standard contractual clauses. 

Data Privacy Framework (DPF)

Simpplr is an active member of the EU-US and Swiss-US Data Privacy Framework program as well as the UK Extension to the EU-U.S. Data Privacy Framework.

HIPAA

Simpplr complies with HIPAA standards, securing communication and collaboration with all key stakeholders, and will sign a HIPAA business associate agreement (BAA).

23 NYCRR Part 500

Simpplr is 23 NYCRR Part 500-ready and enables financial services firms to meet compliance requirements through features such as enhanced audit trail, SIEM integration, encryption, and incident response planning. 

GXP

Simpplr enables biotechnology, pharmaceutical, and other life sciences organizations to meet GXP compliance requirements through features such as document management, content distribution, and awareness check-in.

get simpplr

See for yourself!

Request a demo