Security

Keeping your data secure is our most important job

More than 60,000 businesses and 5 million users in over 175 countries trust Smartsheet to manage business-critical projects and business processes. There's nothing we take more seriously than earning and keeping your trust. That's why we protect all customer data with a rigorous combination of infrastructure and procedures.

Smartsheet was built from the ground up with strict security requirements and protocols to secure your data, give you control of user access, and provide you with methods to safely share information with collaborators inside and outside your organization.

Data Center Security & Redundancy

  • Multi-site data redundancy
  • Top tier hosting at Rackspace and AWS facilities
    1. Facilities are AICPA SOC 1 examined and tested and ISO 27001 Certified
    2. Monitoring: Biometric scanning protocols, continuous surveillance
  • Threat monitoring with internal network intrusion detection system and dedicated firewall
  • 24 x 7 x 365 production environment management
  • 99.9% uptime since 2006 launch

Data Security

  • Data encryption: all durably stored data is encrypted with NIST-approved ciphers
  • Internal security
    1. Third-party assessment by external security firm
    2. Quarterly administrative access audit
  • Multi-layer data access permissions
    1. Partner Security
    2. Policy & procedure review
  • Third-party assessment requirements to conform to security policy and procedure

User Security

  • Global security controls to manage and audit access, ownership and usage:
    1. Account administration
    2. Administrators can globally manage employees and company-owned content
    3. User account auditability
    4. Edit, remove, and transfer licenses
    5. Transfer content and rights
    6. Customizable Enterprise welcome screen for required internal user acceptance
  • Reports and visibility
    1. Org access reports
    2. User reports
    3. User login report
  • Permissions
    1. Granular role-based permissions for sheets and workspaces
    2. Permission levels for control and access: view only, edit data, modify sheet structure, and share with others
    3. Data editing limitations (edit requests)
  • Audit trail showing who has made every sheet change
  • Authentication and Single Sign-On
    1. Direct authentication
      1. Passwords protected by key-stretching hash functions
    2. Google Authentication
    3. Azure Active Directory (Enterprise only)
    4. SAML2 Integration (Enterprise only)
      1. Supported Identity Providers: ADFS, Okta, OneLogin, Ping Identity, VMware Horizons, Shibboleth
  • Configuration
    1. Global configuration of plan and users
    2. Automated user provisioning available
    3. Account settings for features and working days

HIPAA Statement

Under HIPAA, certain information about a person’s health or health care services is classified as Protected Health Information (PHI). Smartsheet customers who are subject to HIPAA are advised to refrain from storing PHI in Smartsheet. Smartsheet does not enter into Business Associate Agreements (BAA).

Questions? Concerns?

For information about other compliance frameworks such as FERPA, ITAR, or FedRAMP, please contact us at compliance@smartsheet.com. For more details about Smartsheet security, read our Security Policy, Security Whitepaper, and Privacy Policy. If you find a security issue with our product, please contact us at security@smartsheet.com or call us directly at 425-283-1870.