Symplicity Security Program

Cybersecurity is crucial because it safeguards all types of data against theft and loss. Learn how Symplicity provides security for our clients.

 

Culture of Security

At Symplicity, protecting our customers' data is an integral part of our trust and promotion in our organization. We have a team of dedicated security professionals who, working in partnership with all Symplicity employees, have taken extensive steps to implement best practices and to identify and mitigate risks on an ongoing basis. Ethics are at the core of Symplicity's Information Security Policies and Procedures and define how we operate as a company.

 

Security Program and Team 

Symplicity has a dedicated information security team consisting of a full-time, dedicated Information Security Officer (ISO) and a Security Specialist, who work with the VP of Technology, the various Directors of Engineering, Design, and Infrastructure, as well as the IT team and the General Counsel’s Office, and who are responsible for the management of information security throughout the organization.

  

Certifications (Security Compliance) 

As a global provider of higher education software, Symplicity complies with all applicable data privacy laws. Symplicity is ISO 27001 and SSAE 18 SOC 2 Type II certified. Symplicity is also GDPR, PCI SAQ-A, and CCPA compliant. We are currently adding TX-RAMP (NIST 800-53) compliance to Symplicity's Information Security Program. Additionally, Symplicity maintains a relationship with the Cybersecurity and Infrastructure Security Agency (CISA) to ensure that we stay up to date with the latest security requirements and recommendations.

 

Audits & Self-Assessments 

Symplicity ensures that our services securely manage data to protect the interests of our organization and the privacy of our clients. Our environments are protected by security controls that have undergone numerous audits for US Federal Government Authority to Operate (ATO), SOC-2 Type II, and ISO 27001, as well as self-assessments such as the Higher Education Cloud Vendor Assessment Toolkit (HECVAT) and the CSA Star Self-Registry Consensus Assessment Initiative Questionnaire (CAIQ), also known as Star Level 1. Symplicity is also compliant with privacy frameworks across the globe, including but not limited to GDPR/UK-GDPR, CCPA/CPRA, LGPD, CPPA, The Privacy Act, PDPA, and PDPO.

 

Encryption

Symplicity employs a set of procedures to achieve its network and data security objectives. To protect data in transit between our app and our servers, Symplicity supports the latest recommended secure cipher suites to encrypt all traffic in transit, which includes the use of the latest TLS protocols.

Data at rest in Symplicity’s production network is encrypted using industry-standard 256-bit Advanced Encryption Standard (AES256), which applies to all types of data at rest within Symplicity’s systems—relational databases, file stores, database backups, etc.