Simply Stakeholders

Darzin Software takes security and data protection very seriously. We undertake continuous security control monitoring, employee training, penetration testing, regular audits and much more. You can review our <a href="https://app.drata.com/security-report/bd1b6033-5084-46b4-8aab-d87b2447f60f/0293593e-d6df-457d-9464-8d96d4dab53d" target="_blank" rel="nofollow noopener noreferrer">Drata Security Report here</a>.

Please refer to our <a href="https://simplystakeholders.com/privacy-policy/" target="_blank" rel="nofollow noopener noreferrer">Privacy Policy</a> for information on how we collect, use and disclose personal information  

Simply Stakeholders has provision for <a href="https://help.simplystakeholders.io/en/articles/9435950-microsoft-single-sign-on-sso">Single Sign On (SSO)</a> via Microsoft SSO and <a href="https://help.simplystakeholders.io/en/articles/9435956-okta-sso">Okta SSO</a>; and for <a href="https://help.simplystakeholders.io/en/articles/9556901-two-factor-authentication-2fa">Two-factor Authentication (2FA)</a> or Multi-factor Authentication (MFA).

What are your security policies and controls?

- The security report provides an overview of security policies and controls we have in place currently: <a href="https://app.drata.com/security-report/bd1b6033-5084-46b4-8aab-d87b2447f60f/0293593e-d6df-457d-9464-8d96d4dab53d" target="_blank" rel="nofollow noopener noreferrer">Drata Security Report</a>

What security certifications does Darzin Software hold?

- We currently have SOC1 and SOC2 certification; and working towards GDPR and NIST certification.

Are password and broader security policies in place

- For Darzin as a company: <a href="https://bit.ly/DarzinSecurity" target="_blank" rel="nofollow noopener noreferrer">https://bit.ly/DarzinSecurity</a>;
- regarding the Simply Stakeholders platform:<br>The password requirements are: Password must be of min 8 characters, max 20 characters and contain at least one uppercase letter, one lowercase letter, one number and one special character (# ! @ $ % ^ &amp; *) (E.g: #Abc12345)

- We store our data in the Azure Data Centres in your Server Region. E.g. data on the Australian server <a href="https://au.simplystakeholders.com/" target="_blank" rel="nofollow noopener noreferrer">au.simplystakeholders.com</a> data is stored locally in Australia.

What is SSTK’s data retention/deletion policy?

- Expired client's data is removed from the production server within 30 days from the end of contract or instructions from the client to end the contract. Data is removed from backup tapes in line with the expiry of backups.
- Our backup schedule consists of the following:
  - 15 minute DB log backups retained for 17 days on the server (and also retained in the server backups)
  - Daily DB backups retained for 2 days on the server (and also retained in the server backups)
  - Daily server backups retained for 7 days
  - Weekly server backups retained for 4 weeks
  - Monthly server backups retained for 6 months
  - All automatic backups are deleted after 6 months.

What is the availability of the platform including any conditions? 

- 99% uptime - we use Microsoft Azure datacentres which guarantee us a 99.9% uptime.

Do you encrypt data stored on the Simply Stakeholders platform?

- Information in any form, regardless of the media on which it is stored, as well as, any facility, system, or network used to store, process, and/or transfer information is encrypted. 
- Cryptography Controls 
  - SHA-2 (256) and (384)   
    All data is encrypted in transit with HTTPS/TLS 1.2.

- What are your security policies and controls?
  - The security report provides an overview of security policies and controls we have in place currently: <a href="https://app.drata.com/security-report/bd1b6033-5084-46b4-8aab-d87b2447f60f/0293593e-d6df-457d-9464-8d96d4dab53d" target="_blank" rel="nofollow noopener noreferrer">Drata Security Report</a>
- What security certifications does Darzin Software hold?
  - We currently have SOC1 and SOC2 certification; and working towards GDPR and NIST certification.
- Are password and broader security policies in place
  - For Darzin as a company: <a href="https://bit.ly/DarzinSecurity" target="_blank" rel="nofollow noopener noreferrer">https://bit.ly/DarzinSecurity</a>;
  - regarding the Simply Stakeholders platform:<br>The password requirements are: Password must be of min 8 characters, max 20 characters and contain at least one uppercase letter, one lowercase letter, one number and one special character (# ! @ $ % ^ &amp; *) (E.g: #Abc12345)
- Where is the data stored:
  - We store our data in the Azure Data Centres in your Server Region. E.g. data on the Australian server <a href="https://au.simplystakeholders.com/" target="_blank" rel="nofollow noopener noreferrer">au.simplystakeholders.com</a> data is stored locally in Australia.
- What is SSTK’s data retention/deletion policy?
  - Expired client's data is removed from the production server within 30 days from the end of contract or instructions from the client to end the contract. Data is removed from backup tapes in line with the expiry of backups.
  - Our backup schedule consists of the following:
    - 15 minute DB log backups retained for 17 days on the server (and also retained in the server backups)
    - Daily DB backups retained for 2 days on the server (and also retained in the server backups)
    - Daily server backups retained for 7 days
    - Weekly server backups retained for 4 weeks
    - Monthly server backups retained for 6 months
    - All automatic backups are deleted after 6 months.
- What is the availability of the platform including any conditions? 
  - 99% uptime - we use Microsoft Azure datacentres which guarantee us a 99.9% uptime.
- Do you encrypt data stored on the Simply Stakeholders platform?
  - Information in any form, regardless of the media on which it is stored, as well as, any facility, system, or network used to store, process, and/or transfer information is encrypted. 
  - Cryptography Controls 
    - SHA-2 (256) and (384)   
      All data is encrypted in transit with HTTPS/TLS 1.2.

Frequently asked questions (FAQs)