Compliance and regulations

At Simon we recognize that compliance is only one part of a bigger security program. We are committed to demonstrating our alignment with the industry and regulatory standards outlined below.

We recognize the need for independent verification of our security program at Simon. The standards that we align with are:

SOC 2


The SOC 2 standard is intended to guide companies that store and process customer data in a cloud environment. Simon Data has undergone a Type 2 audit against the SOC 2 standard, specifically the security, confidentiality, and availability principles. To receive access to the report for record-keeping or your own vendor security purposes, please get in touch with us at [email protected] or reach out to your Simon CSM.

Cloud Security Alliance Cloud Controls Matrix (CCM)


The CCM was developed as a benchmark for cloud providers of all types to use for compliance activities. It aligns with many regulatory standards such as HIPAA, PCI, NIST 800-53, and more. Simon goes through a monthly self-assessment against the CCM and uses it to set goals for continued improvement of its overall security program.

View our self-assessment on the Cloud Security Alliance website

European Union (EU) Privacy Shield


As part of Simon's commitment to user privacy alongside data security, we have an internal assessment against the EU Privacy Shield standard and have entered as an active participant organization in the program.

Simon Data and the EU General Data Protection Regulation (GDPR)

Simon is committed to helping our customers and their users understand their rights and obligations as they pertain to data privacy under the General Data Protection Regulation (GDPR). This regulatory standard took effect worldwide on May 25, 2018.

To this end, we have introduced tools and processes to ensure our compliance with requirements introduced by the GDPR and to help our customers comply as well.

To learn more about the way that Simon handles GDPR compliance, please refer to our privacy policy.