Security Policies
Symplicity has adopted the following Security Policies:
Acceptable Use
Acceptable use policy is a document stipulating constraints and practices that a user must agree to for access to a corporate network and other Symplicity assets.
Access Control
Access Control Policy defines high-level requirements and guidelines on user account management, access enforcement and monitoring, separation of duties, and remote access.
Backup and Restoration
Symplicity actively manages risks associated with data loss by defining a sound backup regime for all the data services.
Bring Your Own Device (BYOD)
This policy is intended to protect the security and integrity of Symplicity’s data and technology infrastructure when employees are using their personal device(s) to connect to Symplicity 's corporate network.
Business Continuity and Disaster Recovery
Symplicity has a Business Continuity and Disaster Recovery Policy that ensures that we can quickly recover from natural and man-made disasters while continuing to support customers and other stakeholders.
Change Management
A formal change management policy governs changes to the applications and supporting infrastructure and aid in minimizing the impact that changes have on Symplicity processes and systems.
Clean Desk and Clear Screen
A clear desk and clear screen policy will help ensure that all sensitive/confidential materials are removed from workspaces and locked away when the items are not in use, or an employee leaves their workstation.
Corporate Ethics
Symplicity values ethics, trust and integrity throughout its business practices.
Customer Support and SLA
Customers are important to Symplicity. Symplicity provides Customer Support and a Service Level Agreement (SLA) to support its customers.
Data Integrity
Symplicity ensures that system processing is complete, valid, accurate, timely, and authorized to meet the entity’s objectives.
Data Retention and Disposal
This policy is about Symplicity 's approach for data retention and secure disposal.
Disciplinary Policy
Symplicity has implemented a disciplinary process in order to deal with instance(s) of indiscipline including (but not limited to) non-compliance to information security policies and procedures by users.
Incident Management
It is critical to Symplicity that security incidents that threaten the security or confidentiality of information assets are properly identified, contained, investigated, and remediated.
Information Classification
Information classification is the process of assigning value to information in order to organize it according to its risk of loss or harm from disclosure.
Information Security
Symplicity’s high-level policy of the organization that is created to support and enforce portions of Symplicity’s Information Management Policy by specifying in more detail what information is to be protected from anticipated threats and how that protection is to be attained.
Internal Audit
Symplicity conducts Internal Audits on its existing policies and controls to ensure the best level of service to its customers.
Internal Privacy
Policy Demonstrate Symplicity 's commitment to safeguarding and appropriately handling our employees' and contractors' personal information.
IT Asset Management
Symplicity closely manages IT systems and the data that they contain from purchase to disposal.
Key Management and Cryptography
Symplicity utilizes the latest commercially accepted encryption protocols.
Logging and Monitoring
Symplicity monitors and logs components and activities to effectively assess information system controls, operations and general security.
Mobile Device Management
This policy defines procedures and restrictions for connecting mobile devices to Symplicity 's corporate network.
Network Security
Symplicity provides a protected, interconnected computing environment through the use of securely configured network devices to meet organizational missions, goals, and initiatives.
Personnel Security
Symplicity members understand their roles and responsibilities around security and privacy.
Physical and Environmental Security
Symplicity protects managed systems and personnel from unauthorized access and from natural and human-caused damage or destruction.
Privacy Policy
The use and disclosure of personal information that is collected from individuals online, through websites and applications
Remote Access
Access to Symplicity resources from outside organization networks for business purposes is closely managed and protected.
Risk Assessment
Symplicity institutes regular risk assessments and uses industry best practices in remediation.
Risk Assessment and Risk Treatment Methodology
Symplicity provides a foundation for an effective risk management program, containing both the definitions and the practical guidance necessary for assessing and mitigating risks identified.
Server Security
Symplicity manages, configures, and protects our servers and hosts based on industry best practices.
Software Development Policy
Symplicity designs and builds software with security and privacy as design principles.
Technology Equipment Handling and Disposal
Symplicity appropriately disposes of equipment that contains sensitive information.
Vendor Management
Symplicity actively manages risks around third-party vendors and their access to the organization's data.
Vulnerability and Penetration Testing Management
Symplicity conducts scheduled application and network scanning and penetration tests.
Working from Home
Working from Home Policy provides a framework for working from home where it is both practical and acceptable.
Workstation and Mobile Device
Symplicity protects laptops and workstations and their contents using industry best practices.
