Trust Center

Security

Smartsheet’s security program includes a combination of security capabilities, practices, and safeguards. Our team continues to make significant investments so customers can innovate faster and operate with confidence. 

Get the whitepaper

Capabilities

Practices

Safeguards

trusted-secure

Least privilege by default

Control how information is shared to limit your risk profile. Smartsheet makes visibility intentional – content is only accessible to the author unless they choose to share it with other users.

Supported integrations

Integrate Smartsheet with your tech stack, including Microsoft Defender for Cloud Apps, McAfee MVISION Cloud, Azure Active Directory, Jira, Salesforce and more.

Blue magnifying glass

Built-in audit trail

Maintain a record of changes within Smartsheet with user activity logs built in to our Business and Enterprise Subscriptions.  

permissions

Safe domain sharing

Restrict external sharing to only trusted domains or users. Reduce the potential for data loss using a safe sharing list.

security

Security architecture: Defense in depth

We implement a combination of people, process, and technology to support customer data confidentiality, integrity, and availability. 

Report Abuse

Full stack vulnerability response

We utilize a combination of industry-leading vulnerability management practices, such as network scanning, SAST and DAST application testing, and more to secure our application.

alerts

Incident detection and response

We provide 24/7 event, incident monitoring, and response services through our in-house incident response team, ensuring timely investigation and resolution.

Blue multiple views icon

Internal risk assessments

We continually assess and address risks, working with stakeholders across every department. Our Information Security Steering Committee (ISSC) is committed to advocating for industry best practices across the organization.

Encryption

Encryption at rest and in transit

All data is stored with NIST-approved ciphers, proven transport layer security (TLS 1.2), AES 256 at-rest encryption, and Amazon’s S3 service to store and serve uploaded files.

Configuration

Secure software development lifecycle (SSDLC)

Smartsheet maintains an agile methodology. Our development lifecycle is built using industry standards, scanning tools, and automation for a secure and cyclical process.

Bug bounty program

Penetration tests are a start, but to ensure continuous visibility into vulnerabilities that can go unseen, the more eyes the better! Smartsheet engages with HackerOne to offer a bug bounty for developers. 

Developer

Penetration testing

Through partnerships with third-party vendors, Smartsheet’s security is tested across our applications and environments to ensure our platform conforms to our security standards.