TRUST CENTER

Compliance

Spend less time worrying about compliance and more time running your business

FedRAMP

The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and monitoring for cloud services, and is one of the most stringent compliance processes a vendor can undertake. Smartsheet was selected for the FedRAMP Connect program by the Joint Authorization Board (JAB), which prioritized Smartsheet Gov for certification based on demand from federal government agencies. Smartsheet Gov is a new Smartsheet environment with FedRAMP Authorized status, making it easier for the U.S. government to use Smartsheet for managing their work while helping them meet their security and compliance requirements. For more information please visit the Smartsheet for Government page.

Smartsheet for Government

FERPA

Educational institutions subject to FERPA must use cloud services in compliance with FERPA requirements. Smartsheet can help customers understand product security controls as well as establish appropriate contractual reassurances that Smartsheet will manage student information appropriately and according to the institution’s direction. Smartsheet will make a number of contractual commitments upon request to support educational institutions with whom Smartsheet has entered into a Subscription Agreement. Please contact [email protected] for more information on these commitments or with any questions you may have about FERPA compliance with Smartsheet.

GLBA

Financial institutions subject to the Gramm-Leach-Bliley Act (“GLBA”) must assess whether and how it may use cloud services like Smartsheet in compliance with GLBA requirements. Smartsheet can help customers understand the privacy and security controls for our products. Smartsheet contractually commits to maintaining certain security safeguards. Please contact [email protected] for more information on how Smartsheet can support customers with obligations under GLBA.

HIPAA

Under the Health Information Portability and Accountability Act (HIPAA), certain information about a person’s health or health care services is classified as Protected Health Information (PHI). Unless you have signed a Business Associate Agreement with Smartsheet, you may not store PHI in Smartsheet. HIPAA compliance is dependent on your adherence to the Smartsheet HIPAA Implementation Guide. The guide provides information on features and security controls that must be adjusted to ensure HIPAA-compliance.

Smartsheet for Healthcare

Payment Data Safeguards

PCI DSS (Payment Card Industry, Data Security Standard) is a set of comprehensive requirements for enhancing payment account data security established by international financial institutions. It was developed to support the broad adoption of consistent data security measures on a global basis. Smartsheet utilizes PayPal and CyberSource for processing all payment card transactions. Using these partners means personally identifying payment card data is never visible to any Smartsheet employee, and is never stored in the Smartsheet data store. All payment processing is performed using PCI DSS compliant merchant services.

SOC

The American Institute of Certified Public Accountants (AICPA) has developed the Service Organization Controls (SOC) framework, a standard for controls that safeguard the confidentiality and privacy of information stored and processed in the cloud. Smartsheet completes annual SOC 2 Type 2 and SOC 3 reports for our work execution platform. For more information on our SOC reports, please contact [email protected].

SOC 3 Reports

Smartsheet provides the tools to support your compliance with certain national, regional, and industry-specific requirements governing the collection and use of individuals’ data. If you need more information on our compliance offerings, find a security issue with our products, or are concerned or suspect that your Smartsheet account has been compromised, please contact us at [email protected] or call us at 844-324-2360.

Contact Sales