TRUST

TRUST

Success is built on trust and it starts with transparency.

We assure you only the best practices and standards in information security.

SECURITY

Simfoni directors, employees, contractors, consultants, and other workers at Simfoni, including all personnel affiliated with third parties who are performing services on behalf of Simfoni are required to adhere to the policies and processes contained within this master data security policy document and local laws and regulation. 

This policy applies to the use of information, electronic and computing devices, and network resources to conduct Simfoni business or to interact with internal networks and business systems, whether owned or leased by Simfoni, provided by a client, an employee, or a third party.

Amazon Web Services

Simfoni’s client data is stored in the cloud database and is encrypted using Amazon EBS. Changing the encryption status of the data requires additional approval from the respective Simfoni Regional Managing Director. All data in Simfoni’s cloud application(s) are encrypted using secure sockets layer (SSL)

PRIVACY

We analyze visitors to our Website to improve our customer experience. We automatically collect information about visitors to Simfoni.com with “cookies” which provide information about your computer or mobile device, inform us what pages you visit, and if you’re a repeat visitor. You can choose to prevent the use of cookies within your internet browsers settings, but this may limit your ability to take advantage of all the features on our website.
We also use cookies to improve our marketing communications. Our advertising network partners, such as Google AdWords, use non-personally identifiable cookies to serve relevant advertisements. We only partner with online advertising networks that comply with the strictest common online advertising standards.
Email Marketing Lists and Opt-Out
Simfoni sends emails to potential new customers who have shown interest in Simfoni’s software and solutions. We only use your contact details to provide you with information on us and our products. You can unsubscribe at any point. We never sell or give your information to any third party. We treat your information as confidential and apply best practice information security practices to protect it. We adhere to applicable laws regarding personal data protection.

CERTIFICATES

SOC 2
SOC2  is an auditing procedure that ensures your service providers securely manage your data to protect the interests of your organization and the privacy of its clients. For security-conscious businesses, SOC 2 compliance is a minimal requirement when considering a SaaS provider.
The international acceptance and applicability of SOC 2 is the key reason why certification to this standard was Simfoni’s selection for implementing and managing our information security. Achieving SOC 2 certification underlines our commitment for securing our customer’s sensitive information and help our customers to fulfill their compliance requirements.
SOC 2 Report: What is it?

Reports on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality and Privacy: Many entities outsource tasks or entire functions to service organizations that operate, collect, process, transmit, store, organize, maintain and dispose of information for user entities. SOC 2 engagements use the predefined criteria in Trust Services Principles, Criteria and Illustrations, as well as the requirements and guidance in AT Section 101, Attest Engagements (AICPA, Professional Standards, Vol. 1). A SOC 2 report is similar to a SOC 1 report.

SOC 2 reports specifically address one or more of the following five key system attributes:

  • Security — The system is protected against unauthorized access (both physical and logical).
  • Confidentiality — Information designated as confidential is protected as committed or agreed.
  • Privacy, Availability, and Process Integrity were not tested.
  • Privacy — Personal information is collected, used, retained, disclosed and disposed of in conformity with the commitments in the entity’s privacy notice, and with criteria set forth in Generally Accepted Privacy Principles (GAPP) issued by the AICPA and Canadian Institute of Chartered Accountants.
  • Availability — The system is available for operation and use as committed or agreed.
  • Processing integrity — System processing is complete, accurate, timely and authorized.

GDPR Policy

Simfoni & the General Data Protection Regulation

Effective 25 May 2018, the EU General Data Protection Regulation (“GDPR”) replaced the 1995 EU Data Protection Directive. GDPR (i) strengthens the rights that individuals have with respect to their personal data and (ii) imposes new obligations on organizations processing the personal data of individuals residing in the EU. Simfoni is committed to help and ensure our customers’ compliance with GDPR.

What does GDPR mean for our customers and Simfoni?

Our customers’ may enter certain personal data into our software applications: primarily business contact information when logging in. Under GDPR, our customer is a “data controller” and a data controller’s responsibilities include: (i) determining the purposes and means of processing personal data and (ii) implementing appropriate technical and organizational measures to ensure and demonstrate that any personal data processing is performed in compliance with GDPR. Under GDPR, Simfoni, is a “data processor” and a data processor’s responsibilities include processing personal data in accordance with the limits of processing set forth by the data Controller. Accordingly, Simfoni must also implement appropriate technical and organizational measures to protect personal data and be able to provide assurances to our customers that we are only processing personal data in accordance with our customers’ instructions. To accomplish these goals, Simfoni has implemented a comprehensive GDPR compliance program to provide the necessary safeguards and documentation to support our customers’ GDPR compliance efforts.

What does GDPR require?
GDPR imposes a wide range of requirements on organizations that collect or process personal data, including a requirement to comply with six key principles: (1) personal data must be processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’); (2) personal data must be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; (3) processing of personal data must be adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed; (4) personal data must be accurate and, where necessary, kept up to date; (5) personal data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed; and (6) personal data must be processed in a manner that ensures appropriate security for the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.

Simfoni is committed to comply with GDPR regulations across our software and solutions.

Simfoni is committed to providing our Procurement technology to our Clients in compliance with applicable laws and regulations in general and data privacy laws such as the EU General Data Protection Regulation (GDPR) in particular.

Where can you learn more about GDPR?

The rules and regulations of GDPR are available at https://ec.europa.eu/info/law/law-topic/data-protection_en. Additionally, the International Association of Privacy Professionals maintains comprehensive resources about GDPR and privacy generally. For additional guidance, Simfoni recommends you regularly (1) check the website of your national or lead data protection authority under GDPR, as applicable, (2) monitor updated regulatory guidance as it becomes available and (3) consult a lawyer to obtain legal advice specifically applicable to your business circumstances.

Download the Simfoni Information and Application Security Policy Document

Download the Simfoni SOC 2 Certification Report

Download Simfoni's GDPR Policy