Security FAQ
Simple delivers its solutions via a Software as a Service (SaaS) model. As Customers seek tighter security to protect their online data, we have prepared a Q&A on the strict measures we take to ensure Simple is highly secure and to provide peace of mind.
Application Hosting & Availability
Where is Simple hosted?
Simple is hosted in a dedicated rack at a physically secure Tier 4 Data Centre, alongside AWS and Microsoft Azure. The only access to the Data Centre is via 2 Factor biometric fingerprint with IDAC. The Data Centre is intruder resistant and protected by 24/7 security & CCTV.
Does Simple have a backup site?
Yes. Our Disaster Recovery Site is in a separate location and on a separate power grid. Our Disaster Recovery procedure is tested annually.
Is my data backed up?
Yes. Databases are replicated to the Disaster Recovery Site and database snapshots are taken every 4 hours. Files are replicated to the Disaster Recovery Site upon upload.
Is Simple available 24 × 7 × 365?
Yes. Other than scheduled maintenance, the application is always available. We commit to an uptime of 99.5% of standard business hours.
Do you regularly undertake Penetration Testing?
Yes. A third party conducts annual pen testing.
Does Simple have any compliance certifications?
Yes. Simple is ISO 27001 and GDPR certified.
Our Information Security Policy Statement can be accessed here.
Data Security
Is the data encrypted?
Yes. Data is encrypted in transit (SSL) and at rest.
Is Simple protected from viruses?
After upload, all files are scanned for viruses in a separate safe zone before being committed to the production system.
If a client terminates Simple, can they get their files and metadata back?
Yes. We can extract data and files. This is typically provided as a download link for all files which is named with a unique ID. This unique ID maps the file to the metadata.
Access Control
Does Simple support SSO?
Yes, access via SSO is recommended. We can configure Single Sign On to work with protocols such as OpenID Connect and Identity Providers including Azure AD and Okta.
Does Simple have role-based security?
Yes. When Administrators create user accounts, they set the role of the user, which determines the level of access and the functions available to that user.
Can users share login access to Simple?
No. The login is the user’s email address and therefore needs to be unique.
Are passwords secure?
Yes. Passwords are encrypted and cannot be seen by anybody, including our Support Team. If a user forgets their password, they are required to reset the password.
How does the system respond to failed login attempts?
For security purposes, the system disables an account for 60 minutes after 4 failed login attempts.
Information Security & Privacy
Does Simple have an Information Security Policy?
Yes, we have an Information Security Policy document that is kept up to date and shared with all staff as updates occur and when new employees are inducted. Employees and staff are encouraged to read this policy in conjunction with other relevant Company policies and documents, including:
- Internet, Social Media, Email & Computer Use Policy
- Privacy Policy
- Code of Conduct Policy
- Modern Slavery Policy
- Ethical Sourcing Policy
Simple’s Information Security Policy covers:
- Physical Security
- Network Security
- Data Classification and Segregation
- Logical Security / Access Controls
- Risk Management
- Data Encryption
- Authentication Mechanisms
- Data Backup and Recovery
- Data Retention, Return and Destruction
- Logging and Monitoring
- Web Application Security Assessment
- Vulnerability Management
- Patch Management
- Secure Coding Practices
- Secure Remote Access for Employees
- Bring your Own Device Policy (BYOD)
- Secure Software Development
- Business Continuity Management and Disaster Recovery
- Incident Management and Response
- Third Party Risk Management
Does Simple have a privacy policy?
Yes. Our privacy policy can be accessed here.
Software Development & Release Management
How do you manage and test your new releases?
We use an Agile Scrum Methodology and use DevOps to manage our development and product backlog. Once development has been completed, the updates are uploaded to a Staging environment for testing.
On Staging the test team unit test new changes and report back to development with any issues. The developers fix issues before re-uploading to staging (this cycle goes on until all unit tests pass).
Once all unit tests are passed, the test team perform an Integration Test which ensures that all new functionality works within the existing system without causing issues elsewhere (once again, this is a cycle between testers and developers until all reported issues are resolved).
Once the Integration Test has passed, the test team seek approval for the release from the Product Management Team. Once approved, deployment to production is scheduled inside our next designated Change Window.
General Queries
What size files and types can users upload to Simple?
File uploads are limited to a file size of 2GB. Users can upload any file type – we automatically create thumbnail previews for most file types.
Does Simple provide an audit trail that logs activity?
Yes. The system automatically logs uploads, feedback, approvals and rejections in a dedicated audit trail tab.
Does Simple track who has downloaded assets?
Yes. Each time an asset is downloaded, it is recorded with a User, Date and Time Stamp with an IP Address. All downloads for an asset can be viewed in the Download History Tab. This information can be provided as a monthly extract or upon demand.
Do I need to install any software to use Simple?
No. All you need is a supported internet Browser and a reasonable internet connection. Supported Browsers include:
- MS Edge
- Safari (latest 2 versions)
- Chrome (latest 2 versions)
- Firefox (latest 2 versions)