Data Security is the Oxygen Your Business Breathes
Security, not to be confused with securities cases in settlement administration, in this industry is a very big deal. Data breaches are so common it barely raises an eyebrow in the news. Simpluris knows this very well, and is fully committed to the security and overall protection of its own and its customer's data and information.
Our systems have been put through military-grade security protocol checks. At every level, every layer, Simpluris networks are battle-hardened and ready for action.
As demonstration of our commitment, we have obtained SOC 2 certification which requires us to adhere to strict policies and procedures surrounding information security including processing and storage of confidential customer data. Simpluris has and maintains a comprehensive, written Information Security Program that complies with all applicable laws and regulations (e.g. HIPAA, Gramm-Leach-Bliley Act, MA 201 CMR 17.00) and that is designed to (a) ensure the security, privacy and confidentiality of Client and Class Member Information, (b) protect against any reasonably anticipated threats or hazards to the security or integrity of Client or Class Member Information, and (c) protect against unauthorized access to, use, deletion, or modification of Class Member Information. Simpluris has designated specific employees to be responsible for the administration of its Information Security Program. In addition, Simpluris regularly monitors, tests, and updates its Information Security Program.
Simpluris uses Client and Class Member Information only for the purposes for which its' clients provide it, as described in any Agreements or Court Orders governing the provision of Simpluris' services in any particular case.
Matt Aires, Director of Information Technology
Simpluris has and maintains a process for identifying, assessing, and mitigating the risks to Class Member Information in each relevant area of Simpluris' services/operations and evaluating the effectiveness of the safeguards for controlling these risks.
Simpluris restricts access to Class Member Information only to those employees, agents, or subcontractors who need to know the information to perform their jobs. Simpluris performs background checks of all its employees that will have access to Sensitive Personal Information, including a review of their references, employment eligibility, education, and criminal background to ensure they do not pose a risk to the security of Client or Class Member Information.
Simpluris adheres to the following industry best practices to safeguard its systems which process, store or transmit Client and Class Member Information:
Identity and access management
Complex password requirements
Network password changes required at regular intervals
Role-based access control systems to limit individual employee access to network apps/areas based on role and function
Complex password authentication for remote access to Company's networks
Preventing terminated employees from accessing Class Member Information
Passed all compliance requirements for SOC 2 certification
Data Loss Prevention and Intrusion Prevention System software at multiple layers, preventing data leaks, malicious activity, and policy violations
Encryption of Class Member Information in if it is transmitted over public or wireless networks (e.g., via email, ftp, Internet, etc.)
Implementation of a Secure File Transfer system (using SSL encryption) for transmitting documents back and forth to clients
Encryption of servers, portable media, laptops, desktops, smartphones, mobile devices, and new technologies that store Class Member Information
Upon hire and annually thereafter, training of all employees with access to Class Member Information, (including any agents, and subcontractors with access to Class Member Information) are formally disclosed and sign for their obligations to implement the Information Security Program
Monthly all-company security reminder training, highlighting any new and pertinent techniques that have been observed in the general public
Disciplinary measures for employees who violate the Information Security Program
Hardware & Server Security
Appropriately configured and updated firewall, antivirus, and spyware software
Hardware USB and similar device detection on the network
Intrusion detection systems
Prompt application of vendor-recommended security patches and updates to systems and other applications to avoid any adverse impact to Class Member Information
Separation of duties practices and policies
Out-of-Band communications practices and policies
Phishing email detection and regular preventative practices
Email attachment / download scanning
Infrastructure and physical security systems at all business locations including 24-hour video monitoring at key Simpluris operations centers
Biometric fingerprint identification hardware at all doors at our Costa Mesa headquarters
Business continuity planning
Disaster recovery planning
EXPERTISE, AT SCALE
A Technology Platform
For Settlement Administration