Spend less time worrying about compliance and more time running your business
Under the Health Information Portability and Accountability Act (HIPAA), certain information about a person’s health or health care services is classified as Protected Health Information (PHI). Unless you have signed a Business Associate Agreement with Smartsheet, you may not store PHI in Smartsheet. HIPAA compliance is dependent on your adherence to the Smartsheet HIPAA Implementation Guide. The guide provides information on features and security controls that must be adjusted to ensure HIPAA-compliance. For more information please visit the Smartsheet for Healthcare page.
The American Institute of Certified Public Accountants (AICPA) has developed the Service Organization Controls (SOC) framework, a standard for controls that safeguard the confidentiality and privacy of information stored and processed in the cloud. Smartsheet completes annual SOC 2 Type 2 and SOC 3 reports for our work execution platform. For more information on our SOC reports, please contact [email protected].
Educational institutions subject to FERPA must use cloud services in compliance with FERPA requirements. Smartsheet can help customers understand product security controls as well as establish appropriate contractual reassurances that Smartsheet will manage student information appropriately and according to the institution’s direction. Smartsheet will make a number of contractual commitments upon request to support educational institutions with whom Smartsheet has entered into a Subscription Agreement. Please contact [email protected] for more information on these commitments or with any questions you may have about FERPA compliance with Smartsheet.
Payment Data Safeguards
PCI DSS (Payment Card Industry, Data Security Standard) is a set of comprehensive requirements for enhancing payment account data security established by international financial institutions. It was developed to support the broad adoption of consistent data security measures on a global basis. Smartsheet utilizes PayPal and CyberSource for processing all payment card transactions. Using these partners means personally identifying payment card data is never visible to any Smartsheet employee, and is never stored in the Smartsheet data store. All payment processing is performed using PCI DSS compliant merchant services.
Financial institutions subject to the Gramm-Leach-Bliley Act (“GLBA”) must assess whether and how it may use cloud services like Smartsheet in compliance with GLBA requirements. Smartsheet can help customers understand the privacy and security controls for our products. Smartsheet contractually commits to maintaining certain security safeguards. Please contact [email protected] for more information on how Smartsheet can support customers with obligations under GLBA.
Smartsheet provides the tools to support your compliance with certain national, regional, and industry-specific requirements governing the collection and use of individuals’ data. If you need more information on our compliance offerings, find a security issue with our products, or are concerned or suspect that your Smartsheet account has been compromised, please contact us at [email protected] or call us at 844-324-2360.Contact Sales