Security

Security

Keeping your data secure is our most important job

More than 40,000 businesses and 2 million users in over 160 countries trust Smartsheet to manage business-critical projects and business processes. There's nothing we take more seriously than earning and keeping your trust. That's why we protect all customer data with a rigorous combination of infrastructure and procedures.

Smartsheet was built from the ground up with strict security requirements and protocols to secure your data, give you control of user access, and to provide you with methods to safely share information with collaborators inside and outside your organization.

Safe Harbor

TRUSTe

Data Center Security & Redundancy

  • Multi-site data redundancy
  • Top tier hosting at Rackspace and AWS facilities
    • Data centers publish SOC 1, Type II reports in accordance with SSAE 16
    • Monitoring: Biometric scanning protocols, continuous surveillance
  • Threat monitoring with internal network intrusion detection system and dedicated firewall
  • 24 x 7 x 365 production environment management
  • 99.9% uptime since 2006 launch

Data Security

  • Data encryption: all durably stored data stored with NIST approved ciphers
  • Internal security
    • Third-party assessment by external security firm
    • Quarterly administrative access audit
    • Multi-layer data access permissions
  • Partner security
    • Policy & procedure review
    • Third-party assessment requirements to conform to security policy and procedure

User Security

  • Global security controls to manage and audit access, ownership and usage:
    • Account administration
    • Administrators can globally manage employees and company-owned content
    • User account auditability
    • Edit, remove, and transfer licenses
    • Transfer content and rights
    • Customizable Enterprise welcome screen for required internal user acceptance
  • Reports and visibility
    • Org access reports
    • User reports
    • User login report
  • Permissions
    • Sharing permissions for sheets and workspaces
    • Permission levels for control and access: view only, edit data, modify sheet structure, and share with others
    • Data editing limitations (edit requests)
  • Audit trail showing who has made every sheet change
  • Authentication
    • SAML: Single Sign-On (SSO). SAML2, ADFS 2, Okta, OneLogin, Ping Identity, VMWare, Horizon, Shibboleth
    • Passwords stored with key-stretching hash functions
    • Google OpenID
  • Configuration
    • Global configuration of plan and users
    • Automated user provisioning available
    • Account settings for features and working days

HIPAA Statement

Software providers like Smartsheet that do not store, access, or use individually identifiable information are generally not "business associates" for purposes of HIPAA, and as such do not directly affect HIPAA compliance by healthcare providers or HIPAA "covered entities."

Questions? Concerns?

For more details, read our Security Policy, security whitepaper, and Privacy Policy. If you find a security issue with our product, please contact us at security@smartsheet.com or call us directly at 425-283-1870.