There’s nothing we take more seriously than earning and keeping your trust. That’s why we protect all customer data by a rigorous combination of infrastructure and procedures.
You and your teams can confidently collaborate and share project information knowing Smartsheet adheres to the industry’s highest levels of facility, network and data protection...and then some.
We architected our system and network from the ground up with one goal in mind: being relentless about data security.
Smartsheet uses proven SSL technology from the most trusted providers to encrypt all data transfers between your device and our servers.
Secure data centers
Smartsheet is hosted on dedicated servers in a SSAE 16 Type II certified data center with 24-hour physical security. It’s strictly monitored using keycard protocols, biometric scanning protocols and continuous surveillance.
Multiple backup locations
We have developed and implemented policies and procedures to ensure your data is secure and durable in multiple physical locations.
You can be confident your sheets are available when you need them; Smartsheet.com has consistently exceeded 99.9% uptime since it served its first subscriber in 2006.
Users and admins can trust their data is private, and in their control, at all times.
Smartsheet users can use their Google Open ID, Salesforce.com or unique username (email address) and password to authenticate. User passwords are never available in plain text anywhere in our system or customer communications.
When sharing content with others, you determine how much control and access they have over the content: View only, Editor, or Admin.
Comprehensive access reports
User specific and organization-wide reports provide insight into which users are shared company-owned content.
Users with System Administrator rights on Team plans and higher can transition ownership of content from one user to another.
System Administrators can globally remove employees (and non-employees) from company-owned content.
Detailed login reports
Complete visibility into user login date-time, IP address, and device information.
We understand HIPAA and can work with you to customize business rules for your own HIPAA compliance.
Software providers that do not store, access, or use individually identifiable information (like Smartsheet) are generally not "business associates" for purposes of HIPAA, and as such do not directly affect HIPAA compliance by health care providers or HIPAA "covered entities". That said, Smartsheet is continually innovating and investing in providing security protocols to help organizations comply with the law, including:
- Use of SSL technology to protect information using data encryption
- Ability to perform a comprehensive audit of data input, access and modification.
- Internal network intrusion detection systems
- Provide multi-layer data access permissions, authentication, and other controls
Robust system monitoring tools continuously track production systems, evaluating system availability and potential security threats. The Smartsheet technical operations team manages production environments 24x7x365.
Audit and assurance
We conduct quarterly audits to ensure access to protected data is reviewed to verify it is used only in the context of responding to customer service matters.
Ongoing threat assessments
Smartsheet uses an external security firm to conduct regulars audits of production systems to find and proactively resolve new threats.