Ensuring Data Security and Compliance in Insurance: Simpli’s Approach

Simpli’s approach to data security and compliance in the insurance industry. From identity management and encryption to secure AI processing and regulatory adherence, discover how Simpli safeguards sensitive data while delivering innovative digital solutions.

As more insurance brokers look to AI to enhance operational efficiency, protecting sensitive data and adhering to compliance standards are more important than ever. At Simpli, we understand the critical need for robust security measures. Our mission is to provide innovative digital solutions that not only enhance efficiency but also safeguard the data our clients entrust to us. Here's a closer look at how we achieve this through cutting-edge technology and industry best practices.

Identity and Access Management

Our platform integrates seamlessly with clients' identity management systems, offering Single Sign-On (SSO) capabilities. We empower clients with administrative controls to manage user privileges, define data governance rules, and monitor usage through robust observability tools. For enhanced security, Multi-Factor Authentication (MFA) is available, along with geofencing to prevent access from unauthorised regions.

Data Encryption and Secure Transmission

Data security is ensured both in transit and at rest. Communication between the front-end and Simpli’s back-end services is encrypted, while a cloud-hosted, scalable vector database stores document embeddings securely. Access to sensitive endpoints is restricted via JSON Web Tokens (JWTs) and Role-Based Access Control (RBAC). Additionally, connections are safeguarded using TLS and, optionally, client certificate validation.

Simpli further anonymises personally identifiable information (PII) before transmitting any data to external language models, ensuring no sensitive client data is exposed.

Protecting Inputs and Outputs

Our platform employs rigorous input sanitisation to verify that no sensitive information is inadvertently included in AI prompts. Meanwhile, intelligent guardrails filter LLM responses to prevent harmful or inappropriate outputs. These mechanisms align with ethical standards and compliance regulations, ensuring the integrity and fairness of AI-generated insights.

Versioning and Traceability

To maintain accountability and transparency, Simpli utilises tools like Langfuse for versioning prompts and workflows. This supports auditability, making it easier to trace changes and ensure compliance.

Deployment and Runtime Security

Simpli’s applications are designed for scalability and security, capable of running on private, public, or sovereign cloud infrastructures. Key deployment features include:

  • Firewall and API gateway protection

  • Network isolation and secure VPC configurations

  • Real-time monitoring via OpenTelemetry tools

Clients benefit from detailed audit logs and the option to anonymise or delete logs to meet GDPR and other data processing requirements.

Engineering and DevOps Security

Secure coding practices are central to our development process. Simpli employs automated CI/CD pipelines, containerisation, and Kubernetes security measures. Sensitive information, like API keys, is securely stored in vaults, and regular vulnerability assessments and penetration tests ensure system resilience.

Data Flow and PII Management

Simpli follows a structured approach to handling PII:

  1. Anonymisation: PII is replaced with placeholders before processing.

  2. Processing: The anonymised data is sent to the AI agent.

  3. De-Anonymisation: Original PII is reinserted after processing.

  4. User Presentation: The final response is delivered with PII securely restored.

This workflow ensures compliance with regulations such as GDPR and HIPAA, minimising risks of data exposure.
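
The four steps above can be sketched as a reversible placeholder map. This is an added example, not Simpli's code: the `PiiVault` class, the `[[KIND_n]]` placeholder format, the regex detectors and the `POL-` policy-number format are all assumptions made for illustration.

```python
import re

# Constructed detectors; production systems need a real PII/NER engine.
PATTERNS = {
    "POLICY": re.compile(r"\bPOL-\d{6}\b"),  # hypothetical policy-number format
    "EMAIL": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    "PHONE": re.compile(r"\+?\d[\d ()-]{7,}\d"),
}
PLACEHOLDER = re.compile(r"\[\[(?:POLICY|EMAIL|PHONE)_\d+\]\]")
SAMPLE = "Renew POL-204518; reach jane.doe@example.com or +44 20 7946 0958."  # constructed


class PiiVault:
    """Per-request placeholder map; it stays server-side and is never sent to the model."""
    def __init__(self):
        self._by_value = {}  # (kind, value) -> placeholder
        self._by_token = {}  # placeholder -> original value

    def _token_for(self, kind, value):
        # The same value always gets the same token, so the model sees consistent references.
        if (kind, value) not in self._by_value:
            token = f"[[{kind}_{len(self._by_token) + 1}]]"
            self._by_value[(kind, value)] = token
            self._by_token[token] = value
        return self._by_value[(kind, value)]

    def anonymise(self, text):
        # Reject input that already uses placeholder syntax, so planted tokens
        # cannot be confused with the ones issued here.
        if PLACEHOLDER.search(text):
            raise ValueError("input contains placeholder syntax")
        for kind, pattern in PATTERNS.items():
            text = pattern.sub(lambda m, k=kind: self._token_for(k, m.group()), text)
        return text

    def restore(self, text):
        # Single pass, so restored values are never rescanned. Tokens the model
        # invented or altered stay in place and are reported to the caller.
        unknown = []
        def swap(m):
            if m.group() not in self._by_token:
                unknown.append(m.group())
            return self._by_token.get(m.group(), m.group())
        return PLACEHOLDER.sub(swap, text), unknown


if __name__ == "__main__":
    vault = PiiVault()
    print(vault.anonymise(SAMPLE))
```

A non-empty `unknown` list from `restore` means the model returned a placeholder that was never issued, which is worth logging before the response reaches the user.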

Deployment Options for Maximum Security

Simpli offers flexible deployment options tailored to client needs:

  1. On-Premise Hosting: Using models like Mistral or LLaMA within client environments for ultimate control and security.

  2. Managed AI Platforms: Hosting models on platforms like Scaleway or Azure AI to balance security and ease of management.

  3. Cloud AI Services: Leveraging services like OpenAI, with full PII anonymisation to ensure secure and cost-effective processing.

Conclusion

Data security and compliance are non-negotiable. Simpli’s robust security framework and advanced technological solutions provide clients with peace of mind, enabling them to focus on delivering exceptional client service. With Simpli, you can trust that your data is in safe hands.

Artificial Intelligence for Insurance Broking.
