SECURITY
We are committed to
the integrity of your
firm’s data.
Our first priority is to make the closing process safe and secure. It’s critical to provide the appropriate measures to meet your firm’s security requirements. We start by ensuring you have the information you need to feel confident using our platform for your data.
We implement security best practices across our organization.
Data Encryption
SimplyAgree encrypts all data in transit and at rest, utilizing AES-256 data encryption in our databases. We enforce HTTP Strict Transport Security using a strong transmission protocol, key exchange and cipher.
Organizational security.
Security starts from the top down. Our Information Security Coordinator is a member of the management team. We maintain SOC 2 Type II compliance across our organization.
Custom infrastructure.
We can meet the infrastructure requirements of your firm or clients. SimplyAgree is deployable via a multi-tenant cloud, virtual private cloud or on-premises.
Seamless Single Sign On Integration.
- Maintain access controls from your source of truth with our SAML 2.0 SSO integration.
- Configurable with all major identity providers ("IdP") in 30 minutes or less.
- Just-in-time provisioning means you maintain access control with fewer resources.
- Customize and maintain 2FA or MFA requirements via your IdP.
Security is not one measure. It’s all of them.
Secure data centers
The SimplyAgree service is hosted with industry-leading, ISO 27001 and SSAE Type II-certified service providers offering state-of-the-art phsyical protection for servers and infrastructure. All servers within our production fleet are hardened and have a base configuration image applied to ensure consistency across the environment.
Data encryption
SimplyAgree encrypts all data in transit and at rest. We incorporate 256-bit Advanced Encryption Standard (AES-256) to encrypt data stored on disk, on the network and in our databases. Our website enforces HTTP Strict Transport Security using a strong transmission protocol, key exchange and cipher.
Data backups
We perform continuous automated database backups by persisting binary copies of the database cluster files and write-ahead log files to multi-datacenter, high durability storage facilities. Backups are regularly tested to ensure they can be restored.
Limited access
SimplyAgree adheres to the best practice of least privilege access across our organization. In particular, we place strict controls over our employees’ access to customer data. We employ multi-factor authentication for any access to systems with highly classified data, including our production environment and servers, which house our customer data.
Audit trails
We maintain an extensive, centralized logging system tracking security, availability, access and other metrics related to actions taken within SimplyAgree applications. Our development team hosts our private source code on a distributed version control system, providing administrators with clear change logs and the ability to control access to each of our repositories on a least privilege basis.
Third party testing
SimplyAgree conducts an annual SOC 2 Type II audit, performed by an accredited third-party auditor. We also complete independent penetration testing on our application and continuous vulnerability and infrastructure monitoring maintained by a third-party security specialists.