Difference between revisions of "Category:Security"
(→Overview)
(6 intermediate revisions by 2 users not shown)
Line 1: | Line 1:
− | + | {{CategoryHeader}} | |
− | [[Category: | + | <pre> This category contains articles related to SmartSimple security. </pre> |
+ | =Overview= | ||
+ | [[SmartSimple]] handles client data with the utmost integrity. Security features and functionality exist at ''all ''levels of our system - from [[Global User Administrator|administrative controls]] to encrypted servers which are securely housed in a SSAE 16 (SAS 70*) data center. | ||
+ | |||
+ | Within our system, our '''internal system security '''is a two-tier model: | ||
+ | |||
+ | * [[User]] access is firstly [[Organization hierarchy|hierarchically]]-dependent and can furthermore be restricted by [[User Role|role]]; field-level security is also based on role | ||
+ | * [[Global User Administrator|Manager]] permissions control access to higher-level functions within {{UTA}}s | ||
+ | |||
+ | The below chart is a broad overview of our security licenses and features: | ||
+ | |||
+ | {| class="wikitable" | ||
+ | |- | ||
+ | ||'''Certifications, Memberships & Compliance''' | ||
+ | || | ||
+ | * SmartSimple and its hosting partners are all SOC 2 certified | ||
+ | * SSAE 16 (The United States)* | ||
+ | * CSAE 3416 (Canada) | ||
+ | * FS-ISAC (Financial Services - Information Sharing and Analysis Center) | ||
+ | |||
+ | |- | ||
+ | ||'''Encryption & Protection''' | ||
+ | || | ||
+ | * SHA 256 [[Password Policy|Password]] Encryption | ||
+ | * SSL (128/1024) Encryption | ||
+ | * Closed ports - otherwise, communication is using HTTP port 80 or HTTPS port 443 | ||
+ | * All outward-facing [[URL]]s (external [[Signup Page|sign-ups]], [[Login Page|logins]], or other entries) are encrypted | ||
+ | * Encrypted severs (provides protection from "bare metal attacks") | ||
+ | * DDoS shield | ||
+ | |||
+ | |- | ||
+ | ||'''[[Roles and Security Settings|Role-Based Permissions]]''' | ||
+ | || | ||
+ | * The creation of [[User Role|user roles]] define levels of access - this is a central feature of the [[SmartSimple]] platform | ||
+ | * This user level control ensures that information is only accessible to those who are authorized | ||
+ | * Access policies are configurable to be as granular as necessary | ||
+ | * See Also: [[Organization hierarchy#Organization Based Security|Organization-Based Security]] | ||
+ | |||
+ | |- | ||
+ | ||'''Applicant Screening''' | ||
+ | || | ||
+ | We've built in comprehensive screen options through OFAC and GuideStar™. | ||
+ | |||
+ | We also integrate with international tax authorities to verify charitable status: | ||
+ | |||
+ | * The Internal Revenue Service (IRS) | ||
+ | * The Canadian Revenue Agency (CRA) | ||
+ | * The Australian Business Register | ||
+ | * Charity Commissioners (UK) | ||
+ | |||
+ | |- | ||
+ | ||'''System Lockdown''' | ||
+ | ||At the first sign of an attempted breach of security, your SmartSimple [[instance]] can be placed on lockdown. This ensures that access is limited to parties who are addressing the security concern. | ||
+ | |- | ||
+ | ||'''Forensic Auditing''' | ||
+ | ||With your permission, SmartSimple can track system usage and provide you with detailed access [[Reports|reports]]. This may help to identify any unauthorized access resulting from issues such as shared [[Password Policy|passwords]] and malicious data manipulating. | ||
+ | |- | ||
+ | ||'''[[Reader Log]] and [[Track Changes|Field Change Tracking]]''' | ||
+ | ||All field changes are tracked and auditable. | ||
+ | |- | ||
+ | ||'''[[Two-Factor Authentication]]''' | ||
+ | ||Protect your organization and system by requiring an additional layer of user verification beyond a username and password. Two-factor authentication drastically reduces the incidence of online identity theft and fraud. | ||
+ | |} | ||
+ | * SSAE 16 supersedes Statement on Auditing Standards (SAS) No. 70 with the professional guidance for performing a service auditor's examination. | ||
+ | * Our hosting server, '''AWS (Amazon Web Services), '''is FedRAMP authorized, follows ISO 27001 best practice guidance, and is a PCI DSS Level 1 Service Provider. | ||
+ | |||
+ | [[Category:Contents]] |
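Review bot: "SHA 256 Password Encryption" in the Encryption & Protection row labels a one-way hash function as encryption; if stored passwords are SHA-256 digests, the bullet should say "hashing" and state whether a per-user salt and an iterated (slow) construction are applied, since a single unsalted SHA-256 digest gives little protection against offline guessing if the password table is ever exposed. In the same row, "Closed ports - otherwise, communication is using HTTP port 80 or HTTPS port 443" sits next to "All outward-facing [[URL]]s ... are encrypted"; if port 80 only serves a redirect to HTTPS, say so, otherwise the two bullets contradict each other. "SSL (128/1024) Encryption" should name the protocol version actually in use and what the two numbers denote, "Encrypted severs" should read "Encrypted servers", and in the Forensic Auditing row "malicious data manipulating" should read "malicious data manipulation".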
Latest revision as of 09:38, 5 July 2019
This page is meant to organize categories; please see the listings below to navigate the sub-categories and articles.
This category contains articles related to SmartSimple security.
Overview
SmartSimple handles client data with the utmost integrity. Security features and functionality exist at all levels of our system - from administrative controls to encrypted servers which are securely housed in an SSAE 16 (SAS 70*) data center.
Within our system, our internal system security is a two-tier model:
- User access is first determined by the organization hierarchy and can be further restricted by role; field-level security is also role-based
- Manager permissions control access to higher-level functions within UTAs
The chart below gives a broad overview of our security licenses and features:
Certifications, Memberships & Compliance |
- SmartSimple and its hosting partners are all SOC 2 certified
- SSAE 16 (The United States)*
- CSAE 3416 (Canada)
- FS-ISAC (Financial Services - Information Sharing and Analysis Center)
Encryption & Protection |
- SHA 256 Password Encryption
- SSL (128/1024) Encryption
- Closed ports - otherwise, communication uses HTTP port 80 or HTTPS port 443
- All outward-facing URLs (external sign-ups, logins, or other entries) are encrypted
- Encrypted servers (provides protection from "bare metal attacks")
- DDoS shield
Role-Based Permissions |
- The creation of user roles defines levels of access - this is a central feature of the SmartSimple platform
- This user-level control ensures that information is only accessible to those who are authorized
- Access policies are configurable to be as granular as necessary
- See also: Organization-Based Security
Applicant Screening | We've built in comprehensive screening options through OFAC and GuideStar™. We also integrate with international tax authorities to verify charitable status:
- The Internal Revenue Service (IRS)
- The Canadian Revenue Agency (CRA)
- The Australian Business Register
- Charity Commissioners (UK)
System Lockdown | At the first sign of an attempted breach of security, your SmartSimple instance can be placed on lockdown. This ensures that access is limited to parties who are addressing the security concern. |
Forensic Auditing | With your permission, SmartSimple can track system usage and provide you with detailed access reports. This may help to identify any unauthorized access resulting from issues such as shared passwords and malicious data manipulation. |
Reader Log and Field Change Tracking | All field changes are tracked and auditable. |
Two-Factor Authentication | Protect your organization and system by requiring an additional layer of user verification beyond a username and password. Two-factor authentication drastically reduces the incidence of online identity theft and fraud. |
- SSAE 16 supersedes Statement on Auditing Standards (SAS) No. 70 with the professional guidance for performing a service auditor's examination.
- Our hosting provider, AWS (Amazon Web Services), is FedRAMP authorized, follows ISO 27001 best practice guidance, and is a PCI DSS Level 1 Service Provider.