Symplicity is ISO 27001 certified. ISO 27001 establishes the requirements and procedures for creating an information security management system (ISMS). Having an ISMS is an important audit and compliance activity.
Symplicity is SSAE 18 SOC 2 Type II certified. SOC 2, Service and Organization Controls 2, investigates how a company commits to and implements internal data availability, security, processing integrity, confidentiality, and privacy controls. A SOC 2 audit provides an organization's customers and stakeholders with assurance about the adequacy and effectiveness of its data controls, based on their compliance with the trust services criteria. Third-party validation of data controls is essential for any organization involved in services that require data sharing.
The NIST 800-53 is a cybersecurity standard and compliance framework developed by the National Institute of Standards in Technology. It’s a continuously updated framework that tries to flexibly define standards, controls, and assessments based on risk, cost-effectiveness, and capabilities. Symplicity has been successfully audited by the Texas Dept of Information Resources through the Texas Risk and Authorization Management Program (TX-RAMP) for the NIST 800-53 security controls, gaining TX-RAMP compliance on June 15th 2023. Symplicity is proud to be listed on the TX-RAMP Certified Cloud Products List on the Texas DIR TX-RAMP site.
Symplicity is a PCI-compliant vendor. While only a few of the Symplicity applications have payment features, Symplicity uses third-party payment processors and does not store any credit card information on our servers or data stores. Symplicity provides a PCI Attestation of Compliance (AOC) to our clients when requested.