Governance
Samedays has implemented a comprehensive information security program, with transparent policies guiding the various teams at Samedays. The information risk council is responsible for governing the information security and risk management duties of the organization, which include the development and maintenance of internal controls, the development and ratification of policies, conducting annual risk assessments, internal audits, and business impact assessments, and overseeing risk treatment plans.
HR Security
Human Resources best practices have been implemented to support a thorough employee screening process, security awareness training, and performance evaluations. These processes ensure employees operate in alignment with the security policies established by Samedays to protect sensitive field sales and performance data.
Access Management
In order to limit employees' access to sensitive information, Samedays has established role-based access controls that account for job function, active employment, legitimate business need, and privacy best practices. Samedays's access control division reviews roles on a quarterly basis to ensure employees have only the minimum level of access required to perform their duties.
Physical Security
Samedays prioritizes the security of endpoints by ensuring all company assets have system hardening configurations enabled, including antivirus software. Access to Samedays's systems is rigorously managed through Password Complexity Standards, 2-Factor Authentication (MFA), and Single Sign-On (SSO) integrations for enterprise clients.
Performance Monitoring
Samedays utilizes system monitoring tools, routine reviews, and comprehensive reporting to provide the basis for the effective operation of internal controls.
Samedays has action plans in place that facilitate timely responses to security events and address compliance as well as confidentiality concerns. These are laid out and made available to employees in the form of written policies and procedures.
System Operations
Samedays ensures critical information is secured through the use of industry-standard encryption technology (AES-256) and established backup policies and processes. Any deviation from the norm is promptly addressed by Samedays's engineering staff to ensure the integrity of sales leads and field analytics.
Samedays maintains detailed incident response and business continuity plans that delineate duties and action plans during a security incident. In the case of malicious acts, natural disasters, or continuity events, Samedays maintains standards for identifying, documenting, reviewing, and remediating incidents faced by the organization. After an incident has been remediated, further analysis and management reviews take place in order to identify the root cause of the incident and prevent a similar occurrence in the future.
SDLC/Change Management
Samedays's internal applications and development environment are all supported by a thorough change management process, including maintaining a software development life cycle (SDLC) policy and standard operating procedures. Controls are implemented to manage access to source code, code promotion permissions, QA review, and code deployment.
System changes are formally planned, developed, documented, and reviewed before code is deployed into production. Samedays ensures that all staging, production, and development environments are separated and managed within secure cloud platform environments (AWS/Google Cloud).
Support
Operational Failures: Customer responsibilities include reporting operational failures, incidents, problems, concerns, and complaints to: support@samedays.com
HR Complaints: Complaints about Samedays employees for code of conduct and/or any other issues should be reported to: hr@samedays.com
Software Services Support: help@samedays.com
Privacy Questions and Concerns: legal@samedays.com