IT Security

This document sets out the IT-security measures used and applied by Simply CRM. In particular, our security measures concern terms of access and roles, infrastructure as well as procedures and certifications. The purpose of the document is to inform our customers, business partners and other shareholders about the standards we apply and how we uphold the measures mentioned in order to ensure that your data is safe and access to it is protected.

Access and roles

Our IT system contains a high-level user access management method and more than 90 security access levels can be defined. For you this means that:

  • You can restrict access to records by territory and responsibility.
  • You can restrict access to specific actions like view, edit or delete.
  • You can restrict access to menus, modules and utilities.
  • You can restrict access to specific reports and data export.
  • More than 3 faulty login attempt causes the user to be blocked.

Infrastructure

Our Simply CRM servers and services are located at Digital Ocean’s datacenter both in Western and Northern Europe. We chose to use Digital Ocean because of their status as market leaders, offering geographically dispersed locations as well as complying fully with key industry standards, such as ISO/IEC 27001:2013 and NIST SP 800-53. This way your data is stored secure and reliable and looked after by staff with years of experience in delivering one of the world’s largest online services with 24 x 7 continuity.

Our data centers are located at Digital Ocean, and are certified in the international standard ISO/IEC 27001:2013. By achieving compliance with this globally recognized information security controls framework, audited by a third-party, the they have demonstrated a commitment to protecting sensitive customer and company information. That commitment doesn’t end with a compliance framework, but is necessary baseline for security. The ISO/IEC 27001:2013 certificate can be viewed here.

Procedures

  • Only trusted Simply CRM employees have remote access to the production environment including databases and applications.
  • All traffic between Simply CRM and the datacenter is carried using a secure encrypted connection.
  • Each Simply CRM instance is unique, and has its own URL.
  • Each Simply CRM customer has their own SQL database (physical file) with a unique, random name.
  • Periodic incremental backup and full backups for every 24 hours are used.
  • Simply CRM support staff only has access to the your system upon your explicit request.

Any comments or queries on this policy should be directed to us using the following contact details.

Simply Consulting ApS
Vesterbrogade 26
1620 København V
Denmark
CVR: 33970080
info@simply-crm.com

If you believe that we have not complied with this policy or acted otherwise than in accordance with data protection law, then you should notify us.