As a compliance leader in the cannabis industry, Simplifya takes its own security and compliance initiative very seriously. One of our strategies has been to minimize our risk profile.
Risk Profile Statement
All development of Simplifya Protect (our compliance platform), web and mobile, is handled by Ceylon Solutions. As a result, Ceylon Solutions is responsible for most aspects of security and disaster recovery as it relates to Simplifya Protect.
Simplifya Protect is hosted with AWS. This allows Simplifya and Ceylon Solutions to shift much of the due diligence burden to AWS and leverage their massive investment in a secure infrastructure. It should be noted that no Simplifya employees have access to our AWS development environment; only those with a business need at Ceylon Solutions (e.g., developers, QA analysts, etc.) do.
Simplifya does not maintain a physical office; employees work remotely. As a result, we do not have any of the physical security concerns that go along with an office space or building (e.g., visitor logs, rotating door codes, access badges, etc.). We also do not have a private network (i.e., local servers and network devices in an IT room with wired and wireless user connections) and so we do not have the overhead of managing remote access, network monitoring, access logging, etc.
We use a variety of cloud-based tools in part because most of the security burden shifts to the vendors of those tools. Primary among them is Google Workspace, which allows us to centrally manage users and security policies; Gmail automatically scans email and attachments for viruses, Drive has its own backup and retention processes, and so on. Similar benefits are reaped from other key cloud-based tools including JIRA, Stripe, Carta, and more.
Our public-facing websites are managed through a service provider (CCG) on the WPEngine platform. As a result, CCG/WPEngine manages all security and disaster recovery planning including but not limited to servers and their operating systems, network devices, software patches, backup and recovery, uptime and reliability, and more.