Information Security Measures

Simployer has security as its first priority

Simployer has implemented a set of organizational and technical information security measures to protect our products and systems handling both our own and our customer’s data, including personal data.

Identity and Access Management 

Simployer put a lot of effort into verifying our identities and verification processes should be done by multiple factors and trusted devices 

Simployer is living by the concept of not granting access to anything that is not known to us. This is also known as the principle of Zero-trust which greatly reduces the risk of human mistakes

For effective security governance, permissions are granted only in time-scoped windows, automatically audited and removed. Approval workflows are a natural part of getting access , both internally and/or customer consent

Security by design

A well formed development lifecycle is to us built with security from the ground up. We call this "Security by design" which includes security mechanisms and risk management in all phases of our product lifecycle, and starts with a robust architectural design.

Security patterns provide solutions for enforcing the necessary authentication, authorization, confidentiality, data integrity, privacy, accountability, availability, safety and non-repudiation requirements, even when the system is under attack

Your data is secured within multiple layers of security, including Data, Program, Host, Network and Physical. Your data is also segmented to prevent collateral damage in the case of an emergency

Periodical exercises of a disaster or data breach is part of our lifecycle and improves our response times to recover and also continuously improves our security design

Proactive monitoring 

We are proactively monitoring our systems to identify threats using the best tools on the market. Data-driven observability analyses our metrics and calculates anomalies and irregularities that may indicate threats.

Alert policies are automatically triggered to ensure quick incident responses. On-call operations is trained in professional incident management with 24/7 availability 

Proactively identifying and alerting against privacy risks is built into our platform for preventing internal threats or social engineering attacks

We also monitor Common Vulnerabilities and Exposures (CVE) both automatically in our software dependencies and ensuring our vendors comply

Technologies used in Simployer

We deliver true Software As A Service, and have done so from the very start. The only technology required from an end user is a modern browser. Behind the scenes the Simployer system is a mature system based on a range of technologies.

We use industry leaders to inspire and support Engineering teams at Simployer to pick the best technologies for new and existing products; and we have platforms to share knowledge and experience in technologies, to reflect on technology decisions and continuously evolve our technology landscape. Based on the pioneering work of ThoughtWorks, our engineering chapters (a chapter is a collection of professionals within a domain) sets out the changes in technologies that are interesting in software development — changes that we think our engineering teams should pay attention to and use in their projects.

Our engineering chapters facilitate and drive the technology selection discussions at Simployer across the Tech. Technologies have to go through evaluation and test period before being used in productionenvironments.