Security and governance

Security Overview

Safeguarding your information and data

Simana is the leading web-based platform for quality improvement. All quality improvement relies on data. That’s why, in order to protect the data entrusted to us, we operate an array of security controls and protocols.

This article covers: 
  • Reliability & Availability
  • Application Security
  • Information Governance
  • Datacentre Protections

Reliability & Availability

Availability

Our goal is to ensure continuous availability of the Simana platform. We have measures in place to ensure the solution remains constantly available and aim to achieve 99.9% availability. Our team are on duty 24 hours a day and are backed up by AWS' datacentre team dedicated to maintaining constant service availability. 

 

Backups

All data saved in Simana is backed up on a consistent and recurring basis. This includes the utilisation of frequent server instance backups, data redundancy replication, and multi-region/availability zone deployment architectures.

 

Redundancy 

We utilise redundancy through AWS availability zones, meaning that, in case of failure, customer data traffic is moved away from the affected area to another availability zone in the same region.

Application Security

Encryption of data 

 

Encrypted in transit  

All user interactions with the Simana platform (e.g. logins, browsing pages, API calls, etc.) are protected with top-end in-transit encryption. They are encrypted in transit with either TLS or SSL with RSA 2,048-bit keys or better.

 

Encrypted at rest  

Simana leverages several technologies to ensure stored data is encrypted at rest. Physical and virtualised hard drives used by Simana product server instances as well as storage solutions like AWS Elastic File System use AES-256 encryption. Additionally, certain databases or field-level information is encrypted at rest, based on the sensitivity of the information. For instance, user passwords are additionally hashed.

 

Encryption keys  

Encryption keys for both in-transit and at-rest encryption are securely managed. SSL & TLS private keys for in-transit encryption are managed through our certificate provider. Volume and field-level encryption keys for at-rest encryption are stored in a hardened Key Management System that uses HSMs validated to FIPS 140-2. Keys are rotated at a frequency that varies by the type of key and by the sensitivity of the key and the data it protects.

Audits

Simana performs internal audits and engages with industry-recognised providers for external audits. 

Penetration testing

Simana engages twice annually with industry-recognised providers for application and network penetration testing. 

User account password requirements

Passwords must be 9 alphanumeric characters with at least 1 uppercase, 1 lowercase, 1 special (@, £, %) and 1 number.

Information Governance

Data ownership

Data in Simana comes in several types, and ownership depends on the type. Users' personal data is owned by the data subject, and content data (i.e. the information added to projects) is owned by your organisation. You can read more about data ownership in Simana here.

 

Data privacy

All personal data in Simana are managed in accordance with the rigorous regulations set out in the GDPR. You can read more about how we protect personal information here and within our GDPR Compliance Statement.

 

Data sharing

Simana does not share content data with third-party organisations. Certain personal data is shared with our CRM and Support software provider to enable us to identify users whilst providing support services, such as live chat and email, and to contact users with information relevant to their use of our services.

Datacentre Protections

Physical security 

Simana is hosted by Amazon Web Services (AWS). AWS' highly secure datacentres utilise state-of-the-art electronic surveillance and multi-factor access control systems. Datacentre uptime is guaranteed between 99.95% and 100%, and the facilities ensure a minimum of N+1 redundancy to all power, network, and HVAC services. Datacentres are staffed 24x7 by trained security guards and are SOC 2 Type II and ISO 27001 certified (AWS compliance site).

 

Data location

Simana is available in a number of countries, each with its own isolated version of Simana. Each version of Simana has a separate database and no data is ever shared between versions. All versions are hosted on Amazon Web Services (AWS) servers in London, England.