Compliance Center
Sample Solutions
Compliance Center
Welcome to the Sample Solutions Compliance Center where you can find all the information connected to our compliance, procedures, and your security.
Overview
You can register and request access below.
Compliance Documentation
Access Compliance Documentation
Browse our documentation
Risk Profile
Product Security
Product Security
✅ Audit Logging
Sample Solutions provides comprehensive tracking of user actions and changes across the platform, including updates to permissions, configurations, and other key settings. These logs support issue diagnosis, security incident investigations, and regulatory compliance. By maintaining a detailed activity record, Sample Solutions’ audit logging promotes transparency and accountability, helping organizations detect anomalies and enforce security policies effectively.
✅ Data Security
Sample Solutions emphasizes data security with several key features:
Role and Permission Management: Administrators can manage roles with specific permission levels, ensuring users only have access to resources necessary for their role.
Encryption Mechanisms: Sample Solutions uses strong encryption for data in transit and at rest, safeguarding sensitive information from unauthorized access and breaches.
Multi-Factor Authentication (MFA): The platform supports MFA, adding an extra layer of security by requiring users to verify their identity through multiple methods, reducing unauthorized access risks.
Custom Password Policies: Administrators can enforce custom password policies, setting requirements for password complexity and expiration to meet organizational security standards.
✅ Multi-Factor Authentication
Sample Solutions integrates Multi-Factor Authentication (MFA) into its products and services to strengthen security by requiring users to verify their identity through multiple methods. Users can set up MFA by utilizing a phone number for SMS-based verification.
✅ Role-Based Access Control
Both role based and user based access controls are available for the Sample Solutions platforms. Additional details can be found in our product documentation.
Data Security
Data Security
✅ Access Monitoring
Sample Solutions secures and monitors network, infrastructure, and data access through a robust framework of policies and procedures. Key measures include continuous system monitoring to identify performance issues that could indicate security risks, strict access controls based on the principle of least privilege, and comprehensive log management to capture and review all activity. Quarterly access audits, conducted by Data/System Owners, ensure access permissions remain appropriate. These practices ensure that audit logging settings are consistently maintained and reviewed, enabling the detection and response to unauthorized access or suspicious activities effectively.
✅ Data Backups
Data is automatically backed up and monitored by the operations team to ensure successful completion and identify any exceptions. The backup infrastructure is securely hosted on Amazon, with access to backup files strictly limited to authorized personnel. To maintain reliability and integrity, backups are also subjected to automated testing.
✅ Data Deletion / Data Retention
Sample Solutions BV handles data responsibly, balancing the need for retention with privacy and compliance requirements. Data retention policies ensure that data is stored only as long as necessary for specific purposes, such as research or legal compliance. Once data is no longer needed, it is securely deleted to prevent unauthorized access or misuse. The company follows strict guidelines to protect personal information and adheres to GDPR and other relevant regulations. Clear processes are in place for both automated and manual data deletion to ensure data protection throughout its lifecycle.
✅ Data Masking
Data masking is a critical practice at Sample Solutions to ensure data privacy and security. It involves transforming sensitive information into anonymized or pseudo-anonymized formats, making it inaccessible to unauthorized users while preserving its utility for analysis. Common techniques include replacing, shuffling, or encrypting data elements like names, emails, and IDs. This ensures that personal data cannot be linked back to individuals, even during testing or research activities. Data masking complies with GDPR and other privacy regulations, safeguarding client and respondent information while enabling secure data handling.
✅ Data Leakage Prevention
As part of its commitment to information security and ISO 27001 certification, Sample Solutions has implemented robust Data Leakage Prevention (DLP) measures. These measures protect sensitive data from unauthorized access, transmission, or exposure. Key practices include monitoring data transfers, restricting access based on roles, and encrypting sensitive files during storage and transit. Systems are in place to detect and prevent potential data breaches, ensuring compliance with GDPR and other legal requirements.
✅ Data Removal
Sample Solutions has implemented policies and procedures to govern the secure disposal and destruction of data, hardware, and software. Data no longer required for business purposes is rendered unreadable. Physical asset disposal involves securely deleting data from devices, adhering to the NIST SP 800-88 standards for the destruction of physical disks, ensuring compliance and data security.
✅ Encryption-at-rest
Critical data is securely stored in an encrypted format using software that implements AES-256 encryption. This ensures sensitive information remains protected from unauthorized access while at rest.
✅ Encryption-in-transit
Sample Solutions encrypts data in transit using secure protocols such as HTTPS, VPN, SSH, SSL/TLS, and IPSEC. These measures ensure that sensitive information is protected from interception and unauthorized access during transmission.
✅ Physical Security
Sample Solutions applications and hardware are hosted primarily on Amazon Web Services (AWS), which leverages ISO 27001 certified data centers. Physical access to these facilities is tightly controlled and monitored, with no Sample Solutions employees granted access. Furthermore, Sample Solutions operates as a fully remote company without a physical office, enhancing flexibility and reducing on-premises risks.
App Security
App Security
✅ Code Analysis
Sample Solutions’ code analysis process includes documenting and authorizing changes, conducting thorough code reviews, and performing testing during development to ensure all tests pass before production deployment. When applicable, issue resolution is verified through user acceptance testing. The process also enforces strict controls on open-source software usage, detailed reporting for emergency changes, and segregation of duties. Additionally, infrastructure change management controls are maintained, including automated backups, risk-level assessments, and managerial oversight of configuration changes. Periodic security measures, such as vulnerability scans and independent penetration tests, are conducted, with findings prioritized and remediated according to their severity.
✅ Software Development Lifecycle
Sample Solutions has established documented Software Development Lifecycle (SDLC) policies and procedures to guide personnel in documenting and implementing application and infrastructure changes. The change control process includes steps for submitting and initiating change requests, documentation requirements, development practices, quality assurance testing, and the necessary approval procedures.
✅ Vulnerability & Patch Managemet
Sample Solutions conducts monthly vulnerability scans through a third-party vendor, in line with company policy. Additionally, the company has a patch management process to ensure customer and infrastructure systems are updated with vendor-recommended patches. Patches are validated to confirm successful installation, and system reboots are performed when necessary.
Data Privacy
Data Privacy
✅ Cookies
Information about Sample Solutions’ Cookie Policy is located in Section 1 of our Privacy Policy
✅ Data Breach Notifications
In the event of a data breach, Sample Solutions will promptly notify affected clients by calling and emailing designated contacts, as previously agreed upon. The notification will include details about the nature and impact of the breach, actions taken, an assessment of immediate risks, and any corrective measures to be implemented.
✅ Data Protection Impact Assessment
The Data Protection Impact Assessment for Sample Solutions BV focuses on identifying and mitigating risks associated with processing personal data, especially in the context of survey research, panel management, and telephone sampling activities as well as digital recruitment for B2B audiences. You can access our full Data Protection Impact Assessment document below.
✅ Data Into System
Sample Solutions collects information from users and trusted third-party sources, including personal contact details such as names, email addresses, phone numbers, job titles, employer information, and location. Additionally, Sample Solutions may collect payment data, including payment and credit card information, to process purchase requests.
✅ Data Out of System
Individuals have the right to access, correct, update, or request the deletion of their personal data. To submit a request to exercise those rights, please visit our Privacy Policy for detailed information on how to proceed.
✅ Employee Privacy Training
Sample Solutions prioritizes cybersecurity awareness and training to protect customer data and systems. The company has implemented a comprehensive training program for employees, which includes regular updates on cybersecurity best practices, threat recognition, and response protocols. This program is designed to keep staff informed about the latest security vulnerabilities and defense mechanisms. Additionally, Sample Solutions ensures all team members understand their roles and responsibilities in maintaining a secure environment, fostering a culture of security awareness across the organization. Regular training sessions and updates help sustain high standards of vigilance and preparedness against potential cyber threats.
✅ Legitimate Interest Assessment
Legitimate interests are one of the six lawful bases under the GDPR that organizations can use to justify the processing of personal data. It is considered the most flexible basis, allowing processing for purposes that align with an organization’s legitimate needs. However, it comes with an additional responsibility: organizations must conduct a Legitimate Interest Assessment (LIA) to ensure that the processing does not override the rights and interests of the individuals whose data is being processed. This assessment helps balance organizational objectives with the protection of individual rights. You can access our LIA document below.
Access Control
Access Control
✅ Data Access
Employees accessing the Sample Solutions system use secure authentication methods, including multi-factor authentication. Access to sensitive data is restricted to authorized personnel, adhering to the principle of least privilege to ensure users only have access to the resources necessary for their job functions. Access credentials are carefully managed, with regular audits and continuous monitoring to maintain security and integrity.
✅ Logging
✅ Password Security
Sample Solutions has a robust password policy to ensure system security and integrity. Employees are required to create strong, complex passwords, and multi-factor authentication (MFA) is enforced to provide an additional layer of security. Passwords are stored securely, with encryption applied both at rest and during authentication transmission, helping to maintain high levels of security and operational integrity.
Legal
Legal
✅ Subprocessors
| Company | Location | Additional Details |
|---|---|---|
|
Amazon Web Services (AWS)
|
United States |
Secure cloud hosting of production files |
|
Mongo DB
|
United States |
Source-available, cross-platform, document-oriented database program for database storage and processing |
|
OpenAI
|
United States |
Artificially Generated Project and Communications Recommendations |
✅ Customer Audit Rights
Sample Solutions will, upon a customer’s reasonable request and as required by Data Protection Law, cooperate with and contribute to assessments and audits, including inspections of our compliance with applicable Data Protection Laws, conducted by the customer or a third party on their behalf. Such audits or inspections will be subject to the following conditions: (a) they will not occur more than once per year, unless requested by a Supervisory Authority; (b) they will be conducted only during business hours; and (c) they will be performed in a manner that causes minimal disruption to Sample Solutions’ operations and business.
✅ Cyber Insurance
Sample Solutions integrates Multi-Factor Authentication (MFA) into its products and services to strengthen security by requiring users to verify their identity through multiple methods. Users can set up MFA by utilizing a phone number for SMS-based verification.
✅ Data Processing Addendum
Our DPA is available at our Privacy Policy page.
✅ Privacy Policy
Sample Solutions Privacy Policy is available on our website, please view it by following the link below.
If you have any requests, questions, comments, or concerns regarding our Privacy Policy or practices, please contact us at compliance@sample.solutions
✅ Service-Level Agreement
Sample Solutions has established contracts with its customers that outline its commitments and the associated system requirements.
Detailed information about the system’s design, operation, and boundaries has been prepared and communicated to help users understand their role within the system and the outcomes of its operation.
Customers are provided with clear instructions on how to report failures, incidents, concerns, and other complaints to the appropriate personnel.
✅ Terms of Service
Our Terms & Conditions are available on our website.
✅ Indemnity Insurance
✅ Legal FAQa
You can preview and download the legal FAQs below.
Infrastructure
Infrastructure
✅ Amazon Web Services
Sample Solutions uses AWS for hosting and storage.
✅ Status Monitoring
Sample Solutions System Status can be viewed at our Status Page.
https://status.sample.solutions/
✅ Anti-DDoS
Sample Solutions implements security measures to protect against Distributed Denial of Service (DDoS) attacks, ensuring the stability and availability of its services. These measures include real-time traffic monitoring and filtering techniques that detect and mitigate unusual or malicious traffic patterns. By utilizing these advanced defenses, Sample Solutions can effectively safeguard its infrastructure from disruptions caused by DDoS attacks, ensuring seamless and reliable access for its users.
✅ Business continuity and disaster recovery
Business continuity and disaster recovery (BC/DR) plans are developed, updated, and tested annually by our internal compliance team to ensure preparedness and resilience in the event of disruptions.
✅ Business continuity and disaster recovery
Business continuity and disaster recovery (BC/DR) plans are developed, updated, and tested annually by our internal compliance team to ensure preparedness and resilience in the event of disruptions.
✅ Network Time Protocol
To ensure accurate network logs and synchronization of system clocks across our infrastructure, Sample Solutions utilizes standard time servers.
✅ Separate Production Environment
At Sample Solutions, the production, staging, and development environments are maintained as distinct entities to ensure operational integrity and protect data confidentiality. Customer data is strictly prohibited from being used in non-production environments, ensuring that development and testing activities are conducted without compromising data security.
Endpoint Security
Endpoint Security
✅ Disk Encryption
All portable devices, including laptops and notebooks, are configured with full disk encryption to prevent unauthorized access to any data stored on the system. This measure ensures that sensitive information remains secure, even in the event of the device being lost or stolen.
✅ Endpoint Detection & Response
Anti-malware software is installed across Sample Solutions’ infrastructure and on workstations to detect and prevent malicious software. Updates to the anti-malware software are pushed automatically as they become available. All antivirus programs deployed on Sample Solutions’ computer and communications systems are configured to periodically scan all systems for viruses.
Network Security
Network Security
✅ Firewall
Sample Solutions ensures robust security by using advanced firewalls to protect its network. These firewalls monitor and control incoming and outgoing traffic based on predefined security rules, preventing unauthorized access and safeguarding sensitive data. A firewall is configured to block any unauthorized inbound network traffic from the internet, only allowing connections explicitly authorized by a rule. This guarantees that only legitimate and secure traffic can access our systems. Additionally, a comprehensive set of policies and procedures is in place to maintain a secure and reliable system environment for all users.
✅ Intrusion Detection and Prevention System
Sample Solutions employs an Intrusion Detection and Prevention System (IDP/IPS) to continuously monitor and analyze network events for potential or actual security breaches. The system is configured to promptly alert our personnel upon detecting any intrusion, enabling immediate and effective preventive actions to mitigate risks.
✅ Security Information and Event Management
Sample Solutions’ Security Information and Event Management (SIEM) system utilizes advanced detection capabilities and a robust enrichment process to monitor and analyze security events across the organization. It employs both out-of-the-box detection rules and customized threat scenarios, integrating with various data sources to provide comprehensive threat intelligence and alerts. The SIEM also supports integrations with case management tools and leverages SQL to create powerful custom queries. Through continuous enrichment, the SIEM enhances detection accuracy, improving its ability to identify and respond to potential security threats effectively.
Corporate Security
Corporate Security
✅ Asset Management Practices
Sample Solutions’ asset management process ensures that all hardware and software are procured through approved channels and trusted vendors. An inventory of all production information systems is maintained, documenting each asset’s name, location, security classification, and configurations. Only company-owned devices, which must meet strict security requirements, are authorized for use. When no longer in use, devices must be returned to Sample Solutions, and the IT department must approve any disposal or third-party removal of equipment, following strict disposal procedures to ensure security and compliance.
✅ HR Security
Upon hire, personnel are required to acknowledge receipt of the employee handbook and code of conduct, as well as complete a background check.
✅ Incident Response
Sample Solutions has established comprehensive incident response policies and procedures to guide personnel in promptly reporting and effectively addressing IT incidents. These procedures provide clear steps for incident identification, classification, investigation, and resolution, ensuring a coordinated and efficient response to minimize impact and quickly restore normal operations.
✅ Internal Assessments – Yearly
Sample Solutions has established a comprehensive risk assessment and internal audit process to ensure robust information security management. Management has defined a formal risk assessment process to identify internal and external threats and vulnerabilities, evaluate risks, and address them while setting risk tolerances. This risk assessment is conducted at least annually to identify potential threats and vulnerabilities that could impact system commitments and requirements.
In addition to risk assessments, Sample Solutions conducts regular internal audits to ensure compliance with SOC 2 and ISO 27001 standards. These audits align with industry best practices and reinforce our commitment to maintaining a secure and reliable information security environment. Furthermore, Sample Solutions performs vendor risk assessments to ensure that third-party partners adhere to our stringent security standards.
✅ Penetration Testing
Sample Solutions conducts regular penetration tests to proactively identify and address security vulnerabilities within its systems. The results of these tests are thoroughly analyzed, and remediation actions are promptly implemented to enhance the organization’s overall security posture.
Reports
Reports
✅ Data Flow Diagram
✅ Pentest Report
✅ Vulnerability Assessment Report
Policies
Policies
✅ Acceptable Use Policy
The Acceptable Use Policy defines guidelines for the proper use of electronic equipment, networks, and internet services by employees, contractors, and other personnel. Sample Solutions aims to protect itself from risks such as data breaches, malware, and legal issues by clearly outlining responsibilities and acceptable behaviors related to user IDs, passwords, email usage, internet conduct, and information security.
✅ Access Control Policy
The Access Control Policy & Procedures outlines the management and control requirements for accessing information on Apollo’s computer and communication systems. It includes guidelines for creating user IDs, managing passwords, assigning privileges, and the authorization process to ensure secure and controlled access to sensitive data.
✅ Account Management Policy & Procedures
The Account Management Policy & Procedures delimitates the requirements for secure management of user accounts on the company’s computer and communication systems. It includes guidelines for authorization, unique user IDs, role-based access control, and maintaining account security to ensure that only authorized individuals have access to sensitive information and systems.
✅ Anti-Slavery Policy
This policy outlines Sample Solutions’ commitment to opposing modern slavery and human trafficking within its operations and supply chain, in alignment with Sample Solutions’ business principles and ethical standards.
✅ Asset Management Policy
The Asset Management Policy & Procedures define the requirements and responsibilities for safeguarding Sample Solutions’ information assets. This policy encompasses asset procurement, inventory management, authorization processes, and disposal practices. Its objective is to prevent the misuse or loss of information assets by implementing effective tracking procedures, ensuring secure configurations, and managing the lifecycle of all hardware and software used within the organization. The policy applies to all employees, partners, and third parties with access to Sample Solutions’ information assets.
✅ Business Continuity Policy
The purpose of this document is to outline the company’s approach to implementing and maintaining a strategic plan and management program for business continuity and disaster recovery (BC/DR). This policy serves as a guide for the organization’s efforts to restore Information Technology (IT) infrastructure and services in the event of a disaster or other disruptive incidents.
✅ Code Change Management Policy
The Code Change Management Policy outlines the control requirements for implementing software changes in customer-facing environments. It defines the stages of the change management process, including project initiation, development, testing, and deployment of production changes. The policy also provides guidelines for managing open-source software, addressing emergency changes, and maintaining segregation of duties and confidentiality to ensure secure and efficient change management.
✅ Confidentiality Policy and Procedures
The Confidentiality Policy and Procedures outline the standards for handling, storing, transmitting, and destroying confidential data. It establishes guidelines for accessing and protecting such information, including requirements for encryption, labeling, and secure storage. The policy is designed to safeguard all confidential data, including customer information and sensitive company data, ensuring compliance with applicable federal and state privacy laws.
✅ Corporate Email Security Policy
The Corporate Email Security Policy outlines the rules and requirements for the secure use and management of electronic mail at Sample Solutions. It addresses authorized usage, email ownership, acceptable use, content restrictions, attachment handling, identity theft prevention, and employee monitoring. The policy is designed to ensure that email communication within Sample Solutions remains secure, efficient, and compliant with the organization’s information security standards.
✅ Encryption Standard, Policy & Procedures
The Encryption Standard, Policy & Procedures establishes Sample Solutions’ guidelines for using encryption to safeguard sensitive and private data. It outlines requirements for encrypting data both in transit and at rest, defines responsibilities for users and IT support, specifies approved encryption algorithms, and details key management practices. The policy aims to ensure that all sensitive information is securely encrypted, adhering to regulatory standards and internal policies.
✅ Firewall Management Policy
The Firewall Management Policy outlines the key rules for managing and maintaining firewalls at Sample Solutions. It applies to all firewalls owned or controlled by the company, including those managed by third parties. The policy provides guidelines for business justification, access approval, implementation, operation, and continuity management to ensure the security of the network and the protection of sensitive information.
✅ Incident Response Policy
The Incident Response Policy outlines the steps Sample Solutions follows to prepare for and respond to security incidents. It addresses the identification, classification, and management of both electronic and physical incidents to minimize impact, secure the network, and ensure rapid recovery. The policy also provides guidelines for incident notification, risk management, and maintaining confidentiality throughout the response process.
✅ Information Disposal Policy
The Information Disposal Policy defines the controls for securely disposing of Sample Solutions’ sensitive information in both paper and electronic formats. It establishes standards for data sanitization, assigns roles and responsibilities for information security, and provides guidelines for the destruction of electronic media and computer equipment. The policy aims to ensure sensitive data is destroyed securely, preventing unauthorized access and ensuring compliance with regulatory requirements.
✅ Infrastructure Change Management Policy
The Infrastructure Change Management Policy outlines the control requirements for making hardware or software changes to Sample Solutions’ infrastructure, including computer and communication systems. It includes guidelines for change requests, managerial oversight, security patching, and vulnerability management. The policy aims to ensure that all infrastructure changes are properly managed and monitored, maintaining the security, availability, and confidentiality of customer data and systems.
✅ Intellectual Property Rights & Proprietary Software Policy
This policy sets out Sample Solutions’ requirements we place on all staff to ensure compliance with legislative, regulatory and contractual requirements related to intellectual property rights and the use of proprietary software products.
✅ Logging and Monitoring Manual
This policy outlines the requirements for logging and monitoring activities within Sample Solutions to ensure the confidentiality, integrity, and availability of information, in accordance with ISO 27001 standards.
✅ Malicious Software Management Policy
This policy defines the framework for detecting, preventing, and mitigating malicious software (malware) threats at Sample Solutions. It ensures the protection of Sample Solutions’ IT infrastructure, data, and users from harm caused by malware.
✅ Network Security Management Policy
The purpose of this policy is to ensure the protection of information within Sample Solutions’ networks and supporting information processing facilities. It establishes guidelines to secure the company’s IT infrastructure against threats, ensure data integrity, and maintain confidentiality.
✅ Password Management Policy and Procedures
The purpose of this Password Management Policy is to establish a standard for creating, managing, and safeguarding passwords at Sample Solutions. This ensures that passwords used to access organizational systems and sensitive data are secure and comply with ISO 27001 standards.
✅ Personnel Security Management Policy
The purpose of this policy is to establish guidelines for managing the security responsibilities of personnel at Sample Solutions. This policy ensures that all employees, contractors, and third-party personnel understand their security roles and obligations to protect the company’s assets, information, and reputation.
✅ Physical and Environmental Security Policy
The objective of this policy is to minimize accidental or unauthorized access to Sample Solutions and all its connected systems, networks, applications and information. It is applicable to all forms of logical access.
This document supports the Information Security Policy. It provides direction and support for the implementation of information security and is designed to help Sample Solutions` employees carry out the business of the organization in a secure manner. By complying with this policy, the risks facing Sample Solutions are therefore minimized.
✅ Portable Device Policy
The purpose of this policy is to establish guidelines for the secure use of portable devices within Sample Solutions. Portable devices, including laptops, smartphones, tablets, USB drives, and external storage devices, can access or store sensitive information. To mitigate security risks, this policy defines controls and procedures to ensure their proper and secure use in compliance with ISO 27001 standards.
✅ Remote Access Management Policy
This policy establishes guidelines for secure remote access to Sample Solutions’ systems, networks, and data. It also aims to protect the organization from security threats, ensure data confidentiality, and comply with ISO 27001 standards for information security.
✅ Risk Treatment (Plan)
The Risk Treatment or Assessment Plan is a procedure to be applied after conducting a company Risk Assessment and before proceeding to the Risk Treatment stage. Its purpose is to plan the steps for dealing with all detected risks during the Risk Assessment.
✅ Vulnerability Management Policy
The purpose of this policy is to define the process for identifying, assessing, and mitigating vulnerabilities within Sample Solutions’ IT systems and networks. This policy ensures that the organization maintains a proactive approach to managing vulnerabilities to protect its information assets and comply with ISO 27001 standards.
Request private access to all documents
Register to our Compliance Center to access all documentation and policies.
Compliance Center Support
Need help using the Compliance Center?
Contact our team for help and additional information