2,299
edits
Changes
→Overview
{{CategoryHeader}}
<pre> This category contains articles related to SmartSimple security.</pre>=Overview=[[SmartSimple]] handles client data with the utmost integrity. Security features and functionality exist at ''all ''levels of our system - from [[Global User Administrator|administrative controls]] to encrypted servers which are securely housed in a SSAE 16 (SAS 70*) data center.
* [[User]] access is firstly [[Organization hierarchy|hierarchically]]-dependent and can furthermore be restricted by [[User Role|role]]; field-level security is also based on role * [[Global User Administrator|Manager]] permissions control access to higher-level functions within {{UTA}}s The below chart is a broad overview of our security process, licenses, and features:
{| class="wikitable"
||'''Certifications, Memberships & Compliance'''
||
* SmartSimple and its hosting partners are all SOC 2 certified
* SSAE 16 (The United States)*
* CSAE 3416 (Canada)
* SHA 256 [[Password Policy|Password]] Encryption
* SSL (128/1024) Encryption
* Closed ports- otherwise, communication is using HTTP port 80 or HTTPS port 443* All outward-facing [[URL]]s (external [[Signup Page|sign-ups]], [[Login Page|logins]], or other entries) are encrypted
* Encrypted severs (provides protection from "bare metal attacks")
* DDoS shield
* The creation of [[User Role|user roles]] define levels of access - this is a central feature of the [[SmartSimple]] platform
* This user level control ensures that information is only accessible to those who are authorized
* Access policies are configurable to be as granular as necessary
* See Also: [[Organization hierarchy#Organization Based Security|Organization-Based Security]]
|-
||'''Applicant Screening'''
||
We've built in comprehensive screen options through OFAC and GuideStar™.
We also integrate with international tax authorities to verify charitable status:
* The Internal Revenue Service (IRS)
* The Canadian Revenue Agency (CRA)
* The Australian Business Register
* Charity Commissioners (UK)
|-
||Protect your organization and system by requiring an additional layer of user verification beyond a username and password. Two-factor authentication drastically reduces the incidence of online identity theft and fraud.
|}
*SSAE 16 supersedes Statement on Auditing Standards (SAS) No. 70 with the professional guidance for performing a service auditor's examination. * Our hosting server, '''AWS (Amazon Web Services), '''is FedRAMP authorized, follows ISO 27001 best practice guidance, and is a PCI DSS Level 1 Service Provider.
[[Category:Contents]]