Security and Compliance

Visit our trust center at: Trust Center – Vanta

Last updated Jan 1, 2026

Compliance

SOC 2 Type II

Laidon’s Information Security Program follows the Trust Services Criteria defined by the SOC 2 framework. SOC 2 is a widely recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA) to evaluate controls related to security, availability, and confidentiality.

ISO/IEC 27001:2022

Laidon Group maintains a certified Information Security Management System (ISMS) in accordance with ISO/IEC 27001:2022. This certification independently validates the effectiveness of our security controls for protecting customer and operational data for SimpleMDG.

Computer System Validation (CSV)

We perform Computer System Validation (CSV) to support organizations in regulated industries such as pharmaceuticals and medical devices, where data integrity and compliance with FDA and EMA regulations are critical.

Access Security

Access Permissions

Access to cloud infrastructure and sensitive systems is restricted to authorized personnel based on job responsibilities.

Authentication Controls

We enforce strong authentication mechanisms, including Single Sign-On (SSO), multi-factor authentication (2FA), and password policies where supported.

Least Privilege Access

Access rights are granted following the principle of least privilege and reviewed regularly.

Access Reviews

Access to sensitive systems is reviewed at least quarterly to ensure appropriateness.

Password Standards

All employees must adhere to defined password complexity and rotation requirements.

Password Management

Company-issued devices require the use of approved password management tools to securely manage credentials.

Vendor Risk and Management

Risk Assessments

Formal risk assessments are conducted at least annually to identify, evaluate, and mitigate information security risks, including fraud-related risks.

Vendor Risk Management

Third-party vendors are assessed prior to onboarding and periodically thereafter to ensure they meet Laidon’s security and compliance requirements.

Organisational Security

Third-Party Audits

We undergo independent third-party audits and assessments to validate the effectiveness of our security and compliance controls.

Penetration Testing

Annual penetration testing is performed to identify and remediate potential security weaknesses.

Defined Roles & Responsibilities

Information security roles and responsibilities are clearly defined and documented. All team members are required to review and formally acknowledge security policies.

Security Awareness Training

All employees complete regular security awareness training covering topics such as phishing, password management, and secure data handling.

Confidentiality Agreements

All team members are required to sign and comply with industry-standard confidentiality agreements prior to their start date.

Background Checks

Background checks are conducted for all new hires in accordance with applicable local laws and regulations.

Cloud Security

Cloud Infrastructure Security

SimpleMDG is hosted on SAP or trusted Infrastructure-as-a-Service (IaaS) providers, including Amazon Web Services (AWS). Infrastructure is operated by these providers, while SAP manages the platform layer and Cloud Foundry. All environments adhere to consistent security programs and policies.

Learn more:

https://help.sap.com/docs/btp/sap-business-technology-platform/regions

https://help.sap.com/docs/btp/sap-business-technology-platform/btp-security

Data Protection & Privacy

SimpleMDG follows SAP’s shared responsibility model. SAP secures the underlying cloud platform, while Laidon implements operational security controls such as Least Privilege access and Zero Trust principles to protect customer data.

Learn more:

https://help.sap.com/docs/btp/sap-business-technology-platform/data-protection-and-privacy

Encryption at Rest

Customer data stored in SAP HANA is encrypted using multiple layers of protection, including cloud storage encryption, native SAP HANA data and log volume encryption, internal application encryption services, and encrypted backups using AES-256.

Learn more:

https://help.sap.com/docs/hana-cloud-database/sap-hana-cloud-sap-hana-database-security-guide/data-storage-security

Encryption in Transit

All data transmitted between SAP systems and the SimpleMDG application is protected using encrypted communication channels.

Learn more:

https://help.sap.com/docs/FRUN/6ba510f3be2945e19e497bfb1065b022/48b9d956a55740b1b6d248070c0fde26.html

Vulnerability Management

We perform quarterly vulnerability scans and actively manage remediation throughout the vulnerability lifecycle.

Logging & Monitoring

System logs are continuously monitored to detect operational issues and potential security events.

Business Continuity & Disaster Recovery

We leverage cloud provider backup and monitoring services to minimize data loss and maintain service availability during disruptions.

Incident Response

Laidon maintains a documented incident response process that includes escalation procedures, rapid mitigation, root cause analysis, and customer communication.

Contact Us

If you have questions or concerns, or wish to report a potential security issue, please contact us via our Trust Center at Trust Center – Vanta.
