2,299
edits
Changes
→Overview
<pre> This category contains articles related to SmartSimple security. </pre>
=Overview=
[[SmartSimple]] handles client data with the utmost integrity. Security features and functionality exist at ''all ''levels of our system - from [[Global User Administrator|administrative controls]] to encrypted servers which are securely housed in a SSAE 16 (SAS 70*) data center.
* [[SmartSimpleUser]] handles client data with the utmost integrity. Security features access is firstly [[Organization hierarchy|hierarchically]]-dependent and functionality exist at ''all ''levels of our system can furthermore be restricted by [[User Role|role]]; field- from level security is also based on role * [[Global User Administrator|administrative controlsManager]] permissions control access to encrypted servers which are securely housed in a SSAE 16 (SAS 70*) data center. higher-level functions within {{UTA}}s
The below chart is a broad overview of our security process, licenses, and features:
{| class="wikitable"
||'''Certifications, Memberships & Compliance'''
||
* SmartSimple and its hosting partners are all SOC 2 certified
* SSAE 16 (The United States)*
* CSAE 3416 (Canada)
* SHA 256 [[Password Policy|Password]] Encryption
* SSL (128/1024) Encryption
* Closed ports- otherwise, communication is using HTTP port 80 or HTTPS port 443* All outward-facing [[URL]]s (external [[Signup Page|sign-ups]], [[Login Page|logins]], or other entries) are encrypted
* Encrypted severs (provides protection from "bare metal attacks")
* DDoS shield
* The creation of [[User Role|user roles]] define levels of access - this is a central feature of the [[SmartSimple]] platform
* This user level control ensures that information is only accessible to those who are authorized
* Access policies are configurable to be as granular as necessary
* See Also: [[Organization hierarchy#Organization Based Security|Organization-Based Security]]
|-
||'''Applicant Screening'''
||
We've built in comprehensive screen options through OFAC and GuideStar™.
We also integrate with international tax authorities to verify charitable status:
* The Internal Revenue Service (IRS)
* The Canadian Revenue Agency (CRA)
* The Australian Business Register
* Charity Commissioners (UK)
|-
|}
* SSAE 16 supersedes Statement on Auditing Standards (SAS) No. 70 with the professional guidance for performing a service auditor's examination.
* Our hosting server, '''AWS (Amazon Web Services), '''is FedRAMP authorized, follows ISO 27001 best practice guidance, and is a PCI DSS Level 1 Service Provider.
[[Category:Contents]]