Security Policy

We go to great lengths to keep your data safe and secure

Last Updated: June 17, 2011

Your trust is our most important asset. All customer data that Smartsheet.com stores is protected by a rigorous suite of infrastructure and procedures. To achieve the highest levels of physical and data protection that today’s businesses require, Smartsheet.com maintains a robust and comprehensive multi-level security environment.

Physical security

The Smartsheet.com application is hosted on dedicated servers in a SAS 70 certified data center in Dallas, Texas. The data center provides 24-hour physical security which is strictly monitored using keycard protocols, biometric scanning protocols and continuous surveillance. A dedicated Cisco firewall provides a strong barrier of network security from the internet. Additionally, we utilize Amazon’s S3 service to securely store and serve uploaded files.

Data encryption

Smartsheet.com uses proven SSL technology from the most trusted providers to encrypt all data transmissions between your device and our servers. Secure Sockets Layer (SSL) technology protects your information using both server authentication and data encryption to ensure that your data is safe, secure, and available only to registered users in your organization.

User Authentication

Each user in your Smartsheet.com environment has a unique user name (their e-mail address) and password that must be provided each time a user logs on. Smartsheet.com issues a session cookie only to record encrypted authentication information for the duration of a specific session. The session cookie does not include either the user name or password of the user. Smartsheet.com does not use cookies to store other confidential user and session information, but instead implements more advanced security methods based on dynamic data and encoded session IDs. All account login attempts are logged, and account lockout policies are automatically applied after a certain number of failed login attempts.

Operational Management

Policies and procedures have been developed and implemented to ensure that your data is secure and backed up to multiple physical locations. Access to all Smartsheet.com production systems and data is limited to authorized members of the Smartsheet.com system operations team. Our team is continually evaluating new security threats and implementing updated countermeasures to prevent unauthorized access or unplanned downtime.

Audit and Assurance

All administrative access to protected data is reviewed on a quarterly basis by internal auditors to ensure it is used only in the context of responding to customer service matters. Smartsheet.com conducts an audit of production systems on a semi-annual basis with an external security firm to proactively find and resolve new attack vectors.

Disclosure

Smartsheet maintains a policy of full event disclosure. In the event of any data breach, a notification will be sent to your account administrator. A full explanation and follow-up will be available on our blog at http://www.smartsheet.com/blog.

Engagement

If you find any security issue with our products, please contact us at security@smartsheet.com or call us directly at 425-283-1870 to file a security incident report. If you are concerned or suspect that your Smartsheet or partner identity has been compromised, please call 425-283-1870 to initiate an immediate freeze and conduct an audit of access to your account.