Simility’s versatile platform encompassing human analytics and machine learning helps companies fight abuse and fraud, while fostering trust and safety. As we continuously help our customers safeguard their websites and mobile applications against fraudsters, we make every effort to be as transparent as possible about our trust, security, and privacy processes.
In September of 2016, Simility successfully completed a Service Organization Control (SOC) 2 Type II audit, which is one of the most stringent international standards for security, availability, processing integrity, confidentiality and privacy. This confirms that Simility’s Fraud Prevention Platform is designed and managed to safeguard and keep clients’ data secure.
A SOC 2 examination shows that a service organization has been through an evaluation of its control activities as they relate to the applicable Trust Services Principles and Criteria. It is designated as an acceptable method for a user entity’s management to obtain assurance about service organization internal controls over Security, Availability and Confidentiality without conducting additional assessments. A Type II report includes the service organization’s system description along with detailed testing of the design and operating effectiveness of the service organization’s controls.
The audit was conducted for the period of February 15 to September 1, 2016, covering control activities related to:
- Security: Data centers are protected against unauthorized access, both physical and logical. Simility protects customer information through data encryption in transit and at rest. All access to production servers is behind a VPN. All physical servers are hosted by a large, reputable cloud hosting provider. This provider offers 24×7 surveillance, security logs, and multi-factor authentication.
- Availability: Simility strives to provide a high rate of availability time, especially given the critical need for real-time fraud detection at all times during business operations. All code revisions are backed up and can be easily reverted, and data and metadata backups are performed on a regular basis. This makes our application architecture highly available and redundant for our customers across the globe.
- Privacy: Simility ensures all customer data is encrypted during transmission and storage. Furthermore, some data can be hashed in order to anonymize it in the fraud analyst workflow, so nobody has access to raw data at any step in the data analysis process. Simility makes it possible for customers to quickly and easily reclaim or delete data at any time should the need arise.
Along with these logical data requirements, Simility was also examined for its organizational control objectives, which were tested on-site to ensure they are always in place.
The certification proves that Simility’s information security practices, operations, policies, internal controls and procedures effectively meet the rigorous requirements of the SOC 2 standard. Simility proudly sees this accomplishment as a reflection of its commitment to the highest levels of security and privacy within its own organization.