111 57 STOCKHOLM SWEDEN
Phone: +46(0)10 750 09 66
We treat security as one of our top priorities. Below you can find some of the security measures and methods we use to ensure that your data is safe and handled in compliance with GDPR.
Simple Sign holds the highest credit rating according to UC (the national standard in Sweden).
SimpleSign is a secure e-signature provider that offers strong legal evidence built into its various processes from the ground up.
SimpleSign uses blockchain technology to secure and validate all forms of electronic signature. Anchoring to a blockchain lets users independently verify the authenticity of documents.
Therefore, once a document is signed, users can verify its authenticity directly without having to contact Simple Sign. Once a document is signed, it is sealed and recorded in an immutable ledger that is separate from SimpleSign's own systems.
The blockchain procedure used by SimpleSign is the same procedure used by companies such as Microsoft, Philips, and Tierion to seal and secure their documents. All document, user, and detailed logging information is stored through this procedure.
This blockchain procedure for securing data is enabled by default, but users who prefer to keep their signing data only in our database can disable it.
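To make the "verify without contacting the provider" claim concrete, here is an added illustrative example (not SimpleSign's own code or protocol) of the generic hash-anchoring pattern behind Tierion-style sealing: only SHA-256 hashes of documents are batched into a Merkle tree, the root is assumed to be published on a public ledger, and a verifier holding just the document and its inclusion receipt recomputes the root offline. All document contents and the "anchored" root below are constructed for the demonstration.

```python
import hashlib

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def _next_level(level: list[bytes]) -> list[bytes]:
    # Pair up neighbours; an odd trailing node is paired with itself.
    if len(level) % 2:
        level = level + [level[-1]]
    return [sha256(level[i] + level[i + 1]) for i in range(0, len(level), 2)]

def merkle_root(leaves: list[bytes]) -> bytes:
    """Root committed to the ledger: the only value that leaves the sealing service."""
    level = list(leaves)
    while len(level) > 1:
        level = _next_level(level)
    return level[0]

def inclusion_proof(leaves: list[bytes], index: int) -> list[tuple[str, bytes]]:
    """Sibling hashes from the leaf up to the root, tagged with the side they sit on.
    This is the receipt handed to the signer together with the anchored root."""
    proof, level = [], list(leaves)
    while len(level) > 1:
        if len(level) % 2:
            level = level + [level[-1]]
        sibling = index ^ 1
        proof.append(("left" if sibling < index else "right", level[sibling]))
        level, index = _next_level(level), index // 2
    return proof

def verify_document(document: bytes, proof: list[tuple[str, bytes]], anchored_root: bytes) -> bool:
    """Recompute the root from the document alone; no call to the provider is needed.
    Any change to the document, the receipt, or the root makes this return False."""
    h = sha256(document)
    for side, sibling in proof:
        h = sha256(sibling + h) if side == "left" else sha256(h + sibling)
    return h == anchored_root

# Constructed sample: three signed documents batched into one anchoring (odd count on purpose).
DOCUMENTS = [b"contract-A signed 2024-01-01", b"contract-B signed 2024-01-02", b"nda-C signed 2024-01-02"]
LEAVES = [sha256(d) for d in DOCUMENTS]
ANCHORED_ROOT = merkle_root(LEAVES)      # assumed to be the value published on-chain
RECEIPT_C = inclusion_proof(LEAVES, 2)   # receipt kept by the signer of nda-C

if __name__ == "__main__":
    print(verify_document(DOCUMENTS[2], RECEIPT_C, ANCHORED_ROOT))        # True
    print(verify_document(b"nda-C (altered)", RECEIPT_C, ANCHORED_ROOT))  # False
```

A verifier also needs to confirm that ANCHORED_ROOT really appears in the ledger transaction named in the receipt; that lookup is the only external step, and it goes to the public chain rather than to the signing provider.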
SimpleSign knows the value of security and takes strict proactive measures to find and close vulnerabilities before they can be exploited. Thus, we perform penetration testing every three months.
Penetration testing, also called pen testing or ethical hacking, is the practice of testing in order to find security vulnerabilities that an attacker could potentially exploit. The test is performed to identify weaknesses (also referred to as vulnerabilities), including the potential for unauthorized parties to gain access to the system’s features and data.
This test helps determine whether the current system’s defenses are sufficient or if it is vulnerable to attack, and if so, which defenses (if any) the test defeated.
A number of tools (listed below) are used to check every area of the system during such a test.
Burp Suite (Java-based web application security testing toolkit)
The system development of SimpleSign follows market standards. Security design is documented for each component of the SimpleSign platform. Once per quarter (or at minimum once per year) a penetration test is performed to search for vulnerabilities in the system.
SimpleSign is continuously being developed in order to deliver a product of high standards with multiple functionalities, which might include reliance on external applications. In order to maintain the security standards of the Information System, each external application is examined and verified to make sure it meets its intended purpose.
To provide a secure platform with satisfactory uptime, we use separate acceptance testing environments. In total, we maintain four levels of segregation between our system environments.
Controlled acceptance testing is performed with live data: existing data is combined with the updated features so that unexpected interference between the two is caught before release.
During the development of new code and before deploying any new code on an acceptance testing environment we apply Web Application Vulnerability Scanners. These scanners allow us to look for security vulnerabilities such as Cross-site scripting, SQL Injection, Command Injection, Path Traversal, and insecure server configuration.
Black Box Testing is a software testing method in which the internal structure/design/implementation of the item being tested is NOT known to the tester.
White Box Testing is a software testing method in which the internal structure/design/implementation of the item being tested is known to the tester. At SimpleSign, we believe that the ability to test an application both statically and dynamically will become increasingly important as technology advances and the range of potential security threats grows with it. This is precisely why we use both approaches during different stages of the development cycle.
Static Application Security Testing (SAST) has the flexibility needed to perform in all types of SDLC methodologies. SAST solutions can be integrated directly into the development environment. This enables the Simple Sign team to monitor the code constantly and it leads to quick mitigation of vulnerabilities as well as enhanced code integrity. SAST is a white box testing method that covers a large part of our vulnerability testing.
Dynamic Application Security Testing (DAST), or "Black Box testing", is ideally suited for later-stage testing, in which we leverage approved third-party solutions from Stockholm, Sweden that are continuously updated with the latest vulnerability checks and protection.
We understand that your agreements are important, and therefore SimpleSign encrypts your data. We use TLS encryption for all data transfers. For document storage, we use a state-of-the-art Tier III, SSAE-16 certified data center with ISO 27001 certification. SimpleSign is compliant with GDPR to the extent necessary to maintain a secure SaaS solution. All user data is stored within the EU.
A complete Audit Trail is available for each activity performed on documents, workflow level, or on a user account. Here are the actions that will be logged and available for viewing in the audit trail:
SimpleSign understands the sensitivity of private information. This is why we follow a very strict policy to secure sensitive information (account, users, passwords, documents etc.). All documents are stored and transported in an encrypted format to ensure the utmost security.
Here are some recommendations to further secure an account: