Security & Incident Handling Information

In order to protect our assets and integrity, as well as the integrity of our end users, SimplyCast has a strong focus on security for the SimplyCast application.

There are four concepts that are core to a secure SimplyCast application:

• Authentication: Identifying an entity (person, computer, etc.) that wants to access something which is secured.
• Authorization: Determining what an entity is allowed to see and do. Authorization might also be thought of as “permission.”
• Logging and auditing: Logging for the SimplyCast application occurs at many touchpoints including all areas where SimplyCast talks to an outside system. This logging helps with auditing security and determining if there have been any unauthorized accesses.
• Endpoint security: Determining that the endpoints being utilized, both inbound and outbound, are all transferring data securely and have been properly authenticated.

There are five major parties that all contribute to overall SimplyCast application security:

• SimplyCast application: Security starts at home. The SimplyCast application itself has a number of security features designed to safeguard against data breaches, such as account ownership, individual user access control, and a full permissions system.
• Servers the SimplyCast application is hosted on: All access control is handled by time-tested, deny-by-default firewall practices. The outside world may only access the SimplyCast application through predesignated portals, such as the SimplyCast web portal.
• Database servers: Database servers are locked to only permit access from very specific locations with proper authentication.
• Employees who interact with the data: Employees are signed to strict agreements related to data integrity. Due to our strict data access policies, employees are only given access to information relevant to their day to day operations.
• Third parties: Any outside parties are only given access to the information required to perform their functions.

Breaches are detected and prevented through various mechanisms including automated monitoring, interaction logging, and regular System Administrator auditing. If any breach is detected, no matter how minor, a full investigation is initiated to determine impact and perform mitigation.

All employees of SimplyCast receive full best practice security training to help prevent accidental breaches.

SimplyCast’s incident management policy has been built to ensure that a standard but flexible process exists to handle a wide range of possible incidents that can occur during day-to-day operations. The process is built to ensure that each issue reported has an owner, and can be tracked to resolution. All incidents are reported to management. This ensures that SimplyCast can identify similar incidents and prevent any systemic issues that may cause incidents to repeat in the future.

Incidents may be reported by SimplyCast frontline employees as well as technical staff members. Depending on the severity level and impact of an incident, more resources may be issued to find a resolution. Security incidents always receive the highest severity and impact assessment. A response time goal is set based on the severity and impact of a given incident. Higher severity and higher impact issues are resolved as quickly as possible. The end goals of the incident resolution process are to minimize the total impact of any occurrence to the end user and maintain the security of the SimplyCast application.

All frontline and technical SimplyCast employees are given training to assess the severity of an event to properly escalate an incident once identified. Following identification of an incident, it is assigned an owner to lead the resolution process to ensure it is fully resolved.

For all high impact or severity issues, once an incident is resolved, root cause analysis is performed. Root causes are documented and transferred to management for evaluation.

We have data centers located in Canada. To utilize these data centers instead of the ones located in the United States, you must make an account with our .ca domain.

Our terms and conditions contain the retention/destruction of data information that you need.

You can find that information in Section 19: Access to, and Retention and Destruction of Data.