Changes


Category:Security

3,501 bytes added, 14:38, 5 July 2019
Overview
{{CategoryHeader}}
<pre> This category contains articles related to SmartSimple security.</pre>

=Overview=
[[SmartSimple]] handles client data with the utmost integrity. Security features and functionality exist at ''all'' levels of our system - from [[Global User Administrator|administrative controls]] to encrypted servers which are securely housed in an SSAE 16 (SAS 70*) data center.

Within our system, our '''internal system security''' is a two-tier model:

* [[User]] access is first [[Organization hierarchy|hierarchically]] dependent and can be further restricted by [[User Role|role]]; field-level security is also based on role
* [[Global User Administrator|Manager]] permissions control access to higher-level functions within {{UTA}}s

The chart below is a broad overview of our security licenses and features:

{| class="wikitable"
|-
||'''Certifications, Memberships & Compliance'''
||
* SmartSimple and its hosting partners are all SOC 2 certified
* SSAE 16 (The United States)
** CSAE 3416 (Canada)
* FS-ISAC (Financial Services - Information Sharing and Analysis Center)
|-
||'''Encryption & Protection'''
||
* SHA 256 [[Password Policy|Password]] Encryption
* SSL (128/1024) Encryption
* Closed ports - otherwise, communication uses HTTP port 80 or HTTPS port 443
* All outward-facing [[URL]]s (external [[Signup Page|sign-ups]], [[Login Page|logins]], or other entries) are encrypted
* Encrypted servers (provides protection from "bare metal attacks")
* DDoS shield
|-
||'''[[Roles and Security Settings|Role-Based Permissions]]'''
||
* The creation of [[User Role|user roles]] defines levels of access - this is a central feature of the [[SmartSimple]] platform
* This user-level control ensures that information is only accessible to those who are authorized
* Access policies are configurable to be as granular as necessary
* See Also: [[Organization hierarchy#Organization Based Security|Organization-Based Security]]
|-
||'''Applicant Screening'''
||We've built in comprehensive screening options through OFAC and GuideStar™. We also integrate with international tax authorities to verify charitable status:
* The Internal Revenue Service (IRS)
* The Canadian Revenue Agency (CRA)
* The Australian Business Register
* Charity Commissioners (UK)
|-
||'''System Lockdown'''
||At the first sign of an attempted breach of security, your SmartSimple [[instance]] can be placed on lockdown. This ensures that access is limited to parties who are addressing the security concern.
|-
||'''Forensic Auditing'''
||With your permission, SmartSimple can track system usage and provide you with detailed access [[Reports|reports]]. This may help to identify any unauthorized access resulting from issues such as shared [[Password Policy|passwords]] and malicious data manipulation.
|-
||'''[[Reader Log]] and [[Track Changes|Field Change Tracking]]'''
||All field changes are tracked and auditable.
|-
||'''[[Two-Factor Authentication]]'''
||Protect your organization and system by requiring an additional layer of user verification beyond a username and password. Two-factor authentication drastically reduces the incidence of online identity theft and fraud.
|}
* SSAE 16 supersedes Statement on Auditing Standards (SAS) No. 70 with the professional guidance for performing a service auditor's examination.
* Our hosting server, '''AWS (Amazon Web Services)''', is FedRAMP authorized, follows ISO 27001 best practice guidance, and is a PCI DSS Level 1 Service Provider.

[[Category:Contents]]