Security & Compliance

At Simptel, we guarantee reliable and trustworthy services by leveraging an enterprise-grade security automation platform to constantly monitor our applications, infrastructure, networks, and systems. Our practices align with the following frameworks and principles:

  • ISO 27001:2022
  • SOC 2 Type 2
  • GDPR
  • OpenID Connect
  • FAPI 2.0
  • Least Privilege Principle
  • Zero Trust Architecture
  • Low Attack Surface
  • Security and Privacy by Design
  • Cloud Native Security
  • Data Loss Prevention

Network security

Simptel Services utilizes security groups, firewalls, web application firewalls, and DDoS protection/mitigation techniques to restrict network access and prevent misuse.


Encryption

Simptel Services employs advanced encryption protocols to ensure complete data security. All data in transit is encrypted using TLS 1.3 or higher and mTLS for mutual authentication and encryption. We utilize AES-256 encryption. Our cipher suites are regularly reviewed and updated to comply with industry standards for security and performance.


Security testing

Simptel Services undergoes regular security assessments, such as Software Composition Analysis (SCA), Static Application Security Testing (SAST), and Dynamic Application Security Testing (DAST). Additionally, independent penetration tests are conducted quarterly to identify and address vulnerabilities.


Secure software development lifecycle plan (SSDLC)

Simptel Services is developed using industry best practices for secure software development, including automated SDLC processes. Changes are documented, reviewed, and approved before execution. Changes are tested in non-production environments and validated using the Simptel Platform and Simptel services before production deployment. Infrastructure changes follow Infrastructure-as-Code best practices.


Resilience

Simptel is dedicated to maximizing service availability. Our cloud-native deployment strategy incorporates geographically distributed zones and regions, along with around-the-clock monitoring. You can always check the status of our services on our incident page at https://status.simptel.com. Our Information Security team uses advanced tools and technologies for real-time detection and alerting of suspicious activities. Our team promptly manages any incidents in accordance with our Incident Response Plan.


Backups

Simptel Services is backed up daily to ensure recovery capability in the event of unexpected data loss. These backups are retained for a period of 90 days. Additionally, disaster recovery plans and processes are tested annually at a minimum.


Third-party attestation

At Simptel, we prioritize data security and privacy, upholding a security-first approach in all our operations. As a Dutch-based company, GDPR compliance is fundamental, and we continuously bolster our security measures. Our Information Security Management System (ISMS) actively monitors our infrastructure in real time, ensuring consistent protection against security threats. We have obtained our ISO 27001:2022 certification and are currently pursuing our SOC 2 Type 2 certification, committing to annual evaluations by independent third-party auditors. These measures are aimed at ensuring the ongoing security, availability, confidentiality, and integrity of our customers' data in Simptel Services.


Security awareness training

All Simptel employees receive security awareness training during onboarding and annually. Development staff additionally receive OWASP-focused training. The effectiveness of our security training is evaluated through regular phishing simulation exercises.


Vulnerability management

At Simptel, we have implemented a Vulnerability Management Program that follows the best practices in the industry. This program ensures that we can quickly detect and resolve any potential security threats. We have a secure process in place for the confidential reporting of vulnerabilities. Although we do not currently have an external bug bounty program, we are considering it as a possible addition to our security strategy in the future.