We run compliance watch on a regular basis through external reviews and audits following the same methodology globally. 

SimCorp Dimension as a Service

Application Management

SimCorp uses ITIL-based processes when managing the platforms and cloud services; from development to production for internal and external purposes. Our operational setup ensures that incidents are recorded, prioritized and solved in a standardized manner, and that all such events are documented. Strict access management procedures ensure that only appropriately screened employees can access data, and that their access matches their work-related need. Further, employee access is promptly revoked once it is no longer required. 

Our change management procedure ensures that changes go through a flow that includes prioritization, test, approval before being deployed to production environments, and that all steps are appropriately documented. Similarly, all incidents and monitoring events are recorded and tracked through to resolution. 

The relevant controls described above are covered by our SOC2 type 2 report. This report, prepared by a reputable and independent third party, is designed to assure clients of a secure and controlled operations environment, and typically covers client needs related to service provider compliance reporting. The report is available to clients and prospects – please reach out to your account representative if you wish to obtain a copy. 

Data location 

As a clients of SimCorp cloud services, it is transparent to you as to where your data is stored.

Many countries and industries are regulated by data protection laws, which requires you to know the geographic location of the data that they have entrusted to SimCorp cloud services. Furthermore, there may also be restrictions to a specific geographic location, such as within the European Union (EU).

The production environments of SimCorp cloud services currently operate in data centers located in the following regions:

• North America
• European Union
• Asia 

We do not replicate or move your business data (e.g. transactional data) between regions unless on direct clients requests. 

Vendor and platform management

SimCorp uses service providers and partners to provide parts of this service. All such vendors are required to adhere to SimCorp’s security requirements. SimCorp monitors compliance with these requirements through regular status meetings, review of third party audit reports, and site visits.