
Risk assessments and quality system

Risk assessments

Simployer performs regular risk assessments and maintains a set of preventive measures to ensure that:

  1. The customer's data is never available to the wrong people
  2. The customer does not experience any errors in the products or inconsistencies in the Customer's data
  3. The solutions are operational according to the Customer's agreed Service Level Agreement (SLA)

The risk assessments and associated preventive procedures and measures are documented in our internal quality system, which is the basis of the data processing agreement (DPA) and the SLA that we commit to with our customers. All risks are classified by the likelihood that the risk may occur, as well as by the consequence if it occurs. Any deviations from the quality system are documented in a dedicated deviation handling system, and we have automated notification procedures for deviations. We warn our customers so that the Customer can comply with the notification duty towards the Data Inspectorate.

Simployer currently uses Price Waterhouse Coopers as auditors. We are audited on our compliance with the DPA and the SLA with our customers in accordance with the ISAE 3402 auditing standard.

Incident management

Central to our quality system are defined processes for managing incidents and planned change.

We have clear definitions of unwanted events, and our employees are trained to respond according to defined procedures if an event occurs.

We operate a public status page where customers can monitor open incidents and subscribe to notifications.

Change management

We are continuously developing all our modules. To reduce the likelihood of introducing errors into the system during changes, we follow defined processes at every stage from idea to finished product. Privacy is considered in all phases of the development process.

Deployment

All changes to the products that are to be rolled out to customers go through both automatic and manual tests. We have separate environments for testing, pilot and production, and can roll out changes without the customer experiencing downtime in the product. Our developers do not have access to the Customer's production environment. We also have the option of rolling back the product to earlier versions if the need arises.