IT security policy

Simployer has security as its first priority.

Identity and Access Management 

Simployer puts a lot of effort into verifying our identities, and verification processes should use multiple factors and trusted devices.

Simployer lives by the concept of not granting access to anything that is not known to us. This is also known as the principle of Zero Trust, which greatly reduces the risk of human mistakes.

For effective security governance, permissions are granted only in time-scoped windows, automatically audited and removed. Approval workflows, internal and/or by customer consent, are a natural part of getting access.

Security by design

To us, a well-formed development lifecycle is built with security from the ground up. We call this "Security by design", which includes security mechanisms and risk management in all phases of our product lifecycle and starts with a robust architectural design.

Security patterns provide solutions for enforcing the necessary authentication, authorization, confidentiality, data integrity, privacy, accountability, availability, safety and non-repudiation requirements, even when the system is under attack.

Your data is secured within multiple layers of security, including Data, Program, Host, Network and Physical. Your data is also segmented to prevent collateral damage in the case of an emergency.

Periodic disaster and data breach exercises are part of our lifecycle. They improve our response times to recover and continuously improve our security design.

Proactive monitoring 

We proactively monitor our systems to identify threats using the best tools on the market. Data-driven observability analyses our metrics and calculates anomalies and irregularities that may indicate threats.

Alert policies are automatically triggered to ensure quick incident responses. The on-call operations team is trained in professional incident management and is available 24/7.

Proactive identification of and alerting on privacy risks is built into our platform to prevent internal threats or social engineering attacks.

We also monitor Common Vulnerabilities and Exposures (CVE), both automatically in our software dependencies and by ensuring that our vendors comply.

Technologies used in Simployer

We deliver true Software as a Service, and have done so from the very start. The only technology required from an end user is a modern browser. Behind the scenes, the Simployer system is a mature system based on a range of technologies.

The Simployer Tech Radar is a tool to inspire and support Engineering teams at Simployer to pick the best technologies for new projects and existing products; it provides a platform to share knowledge and experience in technologies, to reflect on technology decisions and continuously evolve our technology landscape. Based on the pioneering work of ThoughtWorks, our Tech Radar sets out the changes in technologies that are interesting in software development — changes that we think our engineering teams should pay attention to and use in their projects. And we make the radar and our developer site public.

How do we maintain the Simployer Tech Radar?
The Tech Radar is maintained by our Chapters (a chapter is a collection of professionals within a domain) — who facilitate and drive the technology selection discussions at Simployer across the Tech. Assignment of technologies to rings is the outcome of ring change proposals, which are discussed and voted on. The Tech Radar is open for contribution for all Development teams at Simployer and depends on their active participation to share lessons learned, pitfalls, and contribute to good practices on using the technologies.