Last Updated: August 27, 2012
Your trust is our most important asset. All customer data that Smartsheet.com stores is protected by rigorous infrastructure and administrative procedures. To achieve the high levels of physical and data protection that today’s businesses require, Smartsheet.com maintains a robust and comprehensive multi-level security environment.
The Smartsheet.com application is hosted on dedicated servers in SSAE 16 Type II certified data centers in Dallas, Texas and Chicago, Illinois. The data centers provide 24-hour physical security which is strictly monitored using keycard protocols, biometric scanning protocols and continuous surveillance. A dedicated Cisco firewall provides a strong barrier of network security from the internet. Additionally, we utilize Amazon’s S3 service to store and serve uploaded files.
Smartsheet.com uses proven SSL technology from the most trusted providers to encrypt all data transmissions between your device and our servers. Secure Socket Layer (SSL) technology is designed to protect your information using both server authentication and data encryption and to ensure that your data is safe, secure, and available only to registered users authorized to view it. Additionally, our platform extends data protection to include AES 256 encryption before data is durably stored, commonly referred to as at-rest-encryption.
We have implemented policies and procedures designed to ensure that your data is secure and backed up to multiple physical locations. Access to all Smartsheet.com production systems and data is limited to authorized members of the Smartsheet.com system operations team. Our team is continually evaluating new security threats and implementing updated countermeasures designed to prevent unauthorized access or unplanned downtime.
Audit and Assurance
All administrative access to protected data is reviewed on a quarterly basis by internal auditors to confirm that we use it only in the context of responding to customer service matters. Smartsheet.com conducts an audit of its production systems on a semi-annual basis with an external security firm to proactively find new attack vectors and security weakness.
Smartsheet maintains a policy of full event disclosure for security incidents that affect customer data. In the event of any security incident affecting your data, a notification will be sent to your account administrator. A full explanation and follow-up will be available on our blog at http://www.smartsheet.com/blog.
If you find any security issue with our products please contact us at firstname.lastname@example.org or call us directly at 425-283-1870 to file a security incident report. If you are concerned or suspect that your Smartsheet or partner identity has been compromised, please call 425-283-1870 so that we can help resolve the issue.