Success is built on trust, and trust starts with transparency.
We commit to following recognised best practices and standards in information security.
Simfoni directors, employees, contractors, consultants, and other workers at Simfoni, including all personnel affiliated with third parties who perform services on behalf of Simfoni, are required to adhere to the policies and processes contained within this master data security policy document and to applicable local laws and regulations.
This policy applies to the use of information, electronic and computing devices, and network resources to conduct Simfoni business or to interact with internal networks and business systems, whether owned or leased by Simfoni, provided by a client, an employee, or a third party.
Amazon Web Services
Simfoni’s client data is stored in a cloud database whose underlying storage volumes are encrypted at rest using Amazon EBS encryption (EBS encrypts the block volume, so the protection covers everything written to that volume, including the database files and its backups on encrypted snapshots). Changing the encryption status of the data requires additional approval from the respective Simfoni Regional Managing Director. All data in transit to and from Simfoni’s cloud application(s) is encrypted using SSL/TLS.
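A statement such as "client data is encrypted using Amazon EBS" is only as good as the volume-level facts behind it: every volume holding data must report Encrypted=True, and encryption-by-default must be switched on for the region so that new volumes and restored snapshots cannot silently come up unencrypted. The following audit is an added example and is not Simfoni's own code or tooling. It works on data in the shape returned by the real boto3 calls ec2.describe_volumes() and ec2.get_ebs_encryption_by_default(); the two sample responses are constructed, and fetch_live() is an assumed helper that only runs when boto3 and AWS credentials are present.

```python
"""Audit whether EBS-backed storage is actually encrypted at rest.

Added example; not Simfoni's code. The functions accept data in the shape
of boto3's ec2.describe_volumes() and ec2.get_ebs_encryption_by_default()
responses. The SAMPLE_* values below are constructed test data.
"""
from typing import Any, Dict, List, Tuple

# Constructed sample in the shape of ec2.describe_volumes(); not real data.
SAMPLE_VOLUMES: Dict[str, Any] = {
    "Volumes": [
        {
            "VolumeId": "vol-0aaa",
            "Encrypted": True,
            "KmsKeyId": "arn:aws:kms:eu-west-1:111122223333:key/example",
            "Attachments": [{"InstanceId": "i-0db1", "State": "attached"}],
        },
        {
            "VolumeId": "vol-0bbb",
            "Encrypted": False,
            "Attachments": [{"InstanceId": "i-0db2", "State": "attached"}],
        },
        {
            "VolumeId": "vol-0ccc",
            "Encrypted": False,
            "Attachments": [],
        },
    ]
}
# Constructed sample in the shape of ec2.get_ebs_encryption_by_default().
SAMPLE_DEFAULT: Dict[str, Any] = {"EbsEncryptionByDefault": False}


def unencrypted_volumes(describe_volumes_response: Dict[str, Any]) -> List[str]:
    """Return the IDs of all volumes whose Encrypted flag is not True."""
    return [
        v["VolumeId"]
        for v in describe_volumes_response.get("Volumes", [])
        if not v.get("Encrypted", False)
    ]


def audit(describe_volumes_response: Dict[str, Any],
          default_response: Dict[str, Any]) -> Dict[str, Any]:
    """Summarise the at-rest encryption posture of one region.

    'compliant' is True only when no volume is unencrypted AND
    encryption-by-default is enabled; an attached unencrypted volume is
    the case to remediate first, because it is serving live data.
    """
    unencrypted = unencrypted_volumes(describe_volumes_response)
    attached = {
        v["VolumeId"]
        for v in describe_volumes_response.get("Volumes", [])
        if any(a.get("State") == "attached" for a in v.get("Attachments", []))
    }
    default_on = bool(default_response.get("EbsEncryptionByDefault"))
    return {
        "default_encryption_enabled": default_on,
        "unencrypted": unencrypted,
        "attached_unencrypted": [v for v in unencrypted if v in attached],
        "compliant": default_on and not unencrypted,
    }


def fetch_live(region_name: str) -> Tuple[Dict[str, Any], Dict[str, Any]]:
    """Assumed helper: fetch both responses from AWS.

    Requires boto3 plus credentials holding ec2:DescribeVolumes and
    ec2:GetEbsEncryptionByDefault. boto3 is imported lazily so the rest of
    this module runs offline against the constructed samples.
    """
    import boto3
    ec2 = boto3.client("ec2", region_name=region_name)
    return ec2.describe_volumes(), ec2.get_ebs_encryption_by_default()


if __name__ == "__main__":
    for key, value in audit(SAMPLE_VOLUMES, SAMPLE_DEFAULT).items():
        print(f"{key}: {value}")
```

Two caveats a reviewer of such a claim should keep in mind. First, describe_volumes() is paginated; for a large account use ec2.get_paginator("describe_volumes") and merge the pages before calling audit(), otherwise volumes beyond the first page are silently skipped. Second, enabling encryption-by-default does not retroactively encrypt existing volumes: an unencrypted volume is remediated by taking a snapshot, copying it with copy_snapshot(Encrypted=True, KmsKeyId=...), creating a new volume from the encrypted copy and swapping it in.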
Email Marketing Lists and Opt-Out
SOC 2 Report: What is it?
Reports on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality and Privacy: Many entities outsource tasks or entire functions to service organizations that operate, collect, process, transmit, store, organize, maintain and dispose of information for user entities. SOC 2 engagements use the predefined criteria in Trust Services Principles, Criteria and Illustrations, as well as the requirements and guidance in AT Section 101, Attest Engagements (AICPA, Professional Standards, Vol. 1). A SOC 2 report is similar in structure to a SOC 1 report, but a SOC 1 report covers controls relevant to the user entity's financial reporting, whereas a SOC 2 report covers the system attributes listed below.
SOC 2 reports specifically address one or more of the following five key system attributes:
- Security — The system is protected against unauthorized access (both physical and logical).
- Confidentiality — Information designated as confidential is protected as committed or agreed.
- Privacy — Personal information is collected, used, retained, disclosed and disposed of in conformity with the commitments in the entity’s privacy notice, and with criteria set forth in Generally Accepted Privacy Principles (GAPP) issued by the AICPA and Canadian Institute of Chartered Accountants.
- Availability — The system is available for operation and use as committed or agreed.
- Processing integrity — System processing is complete, accurate, timely and authorized.
Of these, Security and Confidentiality were tested; Privacy, Availability, and Processing Integrity were not tested.
Simfoni & the General Data Protection Regulation
Effective 25 May 2018, the EU General Data Protection Regulation (“GDPR”) replaced the 1995 EU Data Protection Directive. GDPR (i) strengthens the rights that individuals have with respect to their personal data and (ii) imposes new obligations on organizations processing the personal data of individuals residing in the EU. Simfoni is committed to helping ensure our customers’ compliance with GDPR.
What does GDPR mean for our customers and Simfoni?
Our customers may enter certain personal data into our software applications: primarily business contact information when logging in. Under GDPR, our customer is a “data controller”, and a data controller’s responsibilities include: (i) determining the purposes and means of processing personal data and (ii) implementing appropriate technical and organizational measures to ensure and demonstrate that any personal data processing is performed in compliance with GDPR. Under GDPR, Simfoni is a “data processor”, and a data processor’s responsibilities include processing personal data only within the limits of processing set by the data controller. Accordingly, Simfoni must also implement appropriate technical and organizational measures to protect personal data and be able to provide assurances to our customers that we are only processing personal data in accordance with our customers’ documented instructions. To accomplish these goals, Simfoni has implemented a comprehensive GDPR compliance program to provide the necessary safeguards and documentation to support our customers’ GDPR compliance efforts.
What does GDPR require?
Simfoni is committed to providing our Procurement technology to our Clients in compliance with applicable laws and regulations in general, and with data privacy laws such as the EU General Data Protection Regulation (GDPR) in particular, across all of our software and solutions.
Where can you learn more about GDPR?
The rules and regulations of GDPR are available at https://ec.europa.eu/info/law/law-topic/data-protection_en. Additionally, the International Association of Privacy Professionals maintains comprehensive resources about GDPR and privacy generally. For additional guidance, Simfoni recommends you regularly (1) check the website of your national or lead data protection authority under GDPR, as applicable, (2) monitor updated regulatory guidance as it becomes available and (3) consult a lawyer to obtain legal advice specifically applicable to your business circumstances.