Internal Controls & Monitoring

Extensive and regularly vetted security protocols ensure data security and integrity.

Cimplifi has a cohesive and comprehensive security program to ensure our clients’ data remains safe. We have implemented far-encompassing internal controls and monitoring, supported by a matrix of platforms, programs, procedures, and processes, that are audited regularly through our Information Security Management System (ISMS) and governed by our ISO 27001:2013/17 certification.

Complete authentication and administrative control.

Our proprietary CI Login tool provides clients secure access to our ecosystem. CI Login uses Okta identity management for authentication, authorization, and monitoring. We also leverage Single Sign-On into our platform via SAML or OpenID. All Client Administrators have full access to user lifecycle operations, logging, and configuration options so they can secure and configure their environment to their needs. Okta brings next-generation security options that are constantly improving, including:

  • Adaptive 2 factor

  • GeoIP filtering

  • Impossible travel detection

  • User and device behavioral analysis

  • Unauthorized VPN detection

  • Automated threat blacklisting

  • Authentication attempt analysis and hunting

  • Exhaustive logging

Intrusion detection, incident response, and vulnerability management.

Our policy is to employ the highest level of security software and we are constantly deploying new tools to protect client data. Our technology partners provide advanced solutions for today’s most challenging security requirements: 

  • Intrusion detection

  • Incident response and insurance

  • Threat hunting

  • OWASP top 10 scanning & mitigation

  • DDoS mitigation

  • Penetration testing

  • Network and application firewall

  • Vulnerability scanning, detection, mitigation, and remediation

Log aggregation, monitoring, and alerting.

We maintain a variety of redundant logging, monitoring, and alerting systems that aggregate events and metrics across all of our systems. We apply custom thresholds and algorithms to drill into and bubble up important performance and security alerts to our immediate attention. We can even allow clients access to events directly associated with their users and data.

Personnel training, security awareness, and compliance.

All staff receive rigorous onboarding and annual training through our security awareness and training program supported by KnowBe4. This allows us to continually update and test our Employee Conduct Policies and ensure compliance.

Business continuity, performance, and capacity planning.

We maintain an environment capable of hosting multiple petabytes of data at any given time. Our primary data center is supported by a hot failover system as a disaster recovery backup which constantly replicates every bit of data, so loss in the event of a disruption is minimal – if any. Our redundant and efficient drive arrays run SAS, pure SSD, and Extreme IO, and data is automatically migrated through the system depending on demand.