We make security a top priority.
Simplifile has a proven track record of securing customer and employee data. Our information technology team utilizes redundant equipment and firewalls, TLS 1.2 encryption, intrusion detection and prevention systems, log aggregation and monitoring, and more to maintain security in depth. To prepare for disaster recovery, we have three different data storage locations in the U.S.
Communications and data access
All communication to and from Simplifile is encrypted based on current security best practices. Data is encrypted in transit using TLS 1.2 with strong ciphers as well as at rest using full disk encryption. Remote access requires a VPN connection using multi-factor authentication (MFA). Submitter and county users must be authorized by submitter and county representatives respectively. All authentications to network devices use proper encryption. Simplifile transmissions occur over the internet using the Transport Layer Security (TLS) protocol version 1.2 and 256-bit encryption.
Physical security
Physical access to Simplifile鈥檚 data centers and servers is limited to a small set of people who are responsible to maintain those physical systems. No other employees have physical access to the production server, switches, firewalls, or other network or server devices.
Data rooms and networks
All data rooms, either owned by Simplifile or used by Simplifile, allow for us to use redundant firewalls with redundant links. Simplifile firewalls are configured according to current industry best practices. All devices connected to Simplifile networks must be formally approved before connecting. When available and practical, Simplifile uses redundancy in the switching infrastructure to maintain high availability.
Monitoring security
Intrusion detection and prevention systems are deployed at each location to monitor network traffic. Logs from network appliances and servers are aggregated and correlated by a security information and event management (SIEM) tool for daily review by Simplifile security personnel.
Audit and security penetration testing
All components of Simplifile security policies are audited for completeness and relevance twice a year. This includes, but is not limited to, security penetration testing by either internal or third-parties. Following this activity, the policies are reviewed, next steps determined, and appropriate action is taken.
Security and system hosting capabilities
- Multi-homed network over multiple ISPs
- Managed services, including monitoring and alert, remote hands, and 24-hour expert support
- Protected power (UPS and generator)
- Biometric and proxy card security with video monitoring
- Double interlocked dry pipe fire suppression
- Zone 4 seismic structure
- A18SSAE16 SOC Type 2 security compliance
鈥淲e wanted to offer a more convenient, secure option for people to submit their documents to the county, and Simplifile has helped us achieve that.鈥
Angie Pohlmeier
Deputy Register of Deeds
Cass County, NE