Overview
When a customer uses SimpleRisk as a hosted service in SimpleRisk’s AWS cloud environment, security responsibilities are shared between SimpleRisk and the customer. SimpleRisk manages and secures the infrastructure, operating system, and application, while customers remain responsible for user management, data access policies, and compliance with industry regulations.
SimpleRisk Responsibilities (Security “OF” the Cloud & Application)
Infrastructure & Hosting Security
- Secure cloud infrastructure (AWS-based hosting, secure networking)
- Server patching and OS hardening
- Firewall and network security controls
- Monitoring and incident response
Application Security
- Patching and updating SimpleRisk software for vulnerabilities
- Secure development practices (code reviews, security testing)
- Addressing security vulnerabilities in the SimpleRisk codebase
- Implementing authentication and session security controls
Data Security within the Application
- Ensuring encryption of sensitive data where applicable
- Providing secure authentication and session management features
Operational & Compliance Support
- Backup and disaster recovery planning
- Uptime and availability management
- Logging and security monitoring
Customer Responsibilities (Security “IN” the Application)
User Access & Identity Management
- Managing user roles and permissions within SimpleRisk
- Enforcing strong authentication policies (e.g., MFA)
Data Security & Privacy
- Controlling who has access to sensitive risk data
- Classifying and securing sensitive information
- Defining data retention policies
Compliance & Governance
- Ensuring compliance with industry regulations (HIPAA, GDPR, etc.)
- Auditing security configurations for regulatory requirements