At MadeSimple, we employ strong security measures throughout the entire information processing lifecycle. Our infrastructure is built to provide secure deployment and processing of services, secure data communications and storage. It is also important to understand that no system is 100% secure. while we will do our best to ensure your information stays safe, MadeSimple cannot guarantee the security of data. Please keep reading to explore how we keep your information secure.
We have mechanisms in place to deal with any suspected data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
The following outlines our data security policy:
- To help protect Customer Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access, MadeSimple will implement and maintain technical and organizational procedures from the point of collection to the point of destruction. Personal data will only be transferred to a Data Processor if he agrees to comply with those procedures and policies, or if he puts in place adequate measures himself.
- The Security Measures include but are not limited to:
- Methods of disposal: Paper documents stored in the secure shredding bins provided. Digital storage devices deposited in the same manner. Hard drives retained by the IT department and destroyed securely
- Encryption: MadeSimple makes use of HTTPS encryption techniques to protect our systems and customer’s data in transit to MadeSimple sites is protected using HTTPS, which is activated by default for all users
- Access Controls: For MadeSimple employees, access rights and levels are based on job function and role, using the concepts of least-privilege and need-to-know to match access privileges to defined responsibilities. To help ensure ongoing confidentiality and integrity, MadeSimple will take appropriate steps to ensure any employees, contractors and Subprocessors process data applicable to their scope of performance, including ensuring only persons authorized can process Customer Personal Data.
- All payment details are transmitted over SSL and stored in compliance with Payment Card Industry Data Security Standards (PCI DSS).
- MadeSimple’s internal data access processes and policies are designed to restrict unauthorized persons and/or systems from gaining access to systems used to process personal data.
- MadeSimple’s production servers are only accessible by a limited number of authorized personnel. LDAP, Kerberos and systems utilizing SSH certificates are designed to provide secure and flexible access to systems
- MadeSimple incorporates strong password policies, two-factor authentication and carefully monitored access lists to minimize the potential for unauthorized account use. Access to systems is logged to create an audit trail for accountability. Where passwords are employed for authentication (e.g., login to workstations), password policies that follow at least industry standard practices are implemented.
- Vulnerability Management: We regularly scan for software vulnerabilities using third-party security advisors and in-house tools, intensive automated and manual penetration testing and software security reviews. We leverage a range of products and tools to further protect personal data against unauthorised or unlawful processing.
- Personal devices: MadeSimple allows users to connect their corporate account to their personal device.
- MadeSimple manages and monitor apps and data link to their corporate profile. Before a user can connect their corporate account they must agree to our data privacy terms and conditions when a user leaves the company, their work profile is remotely disabled and wiped removing any corporate data.
- Data Storage: MadeSimple makes use of a highly redundant platform. Data and backups are stored securely in the cloud and are geographically distributed to protect against data loss. Database and file systems are replicated across multiple platforms to ensure a high level of redundancy.