Trust Center

Security

Smartsheet’s security program includes a combination of security capabilities, practices, and safeguards. Our team continues to make significant investments so customers can innovate faster and operate with confidence.

Get the whitepaper

Capabilities

Practices

Safeguards

Least privilege by default

Control how information is shared to limit your risk profile. Smartsheet makes visibility intentional – content is only accessible to the author unless they choose to share it with other users.

Supported integrations

Integrate Smartsheet with your tech stack, including Microsoft Defender for Cloud Apps, McAfee MVISION Cloud, Azure Active Directory, Jira, Salesforce and more.

Built-in audit trail

Maintain a record of changes within Smartsheet with user activity logs built in to our Business and Enterprise Subscriptions.

Safe domain sharing

Restrict external sharing to only trusted domains or users. Reduce the potential for data loss using a safe sharing list.

Security architecture: Defense in depth

We implement a combination of people, process, and technology to support customer data confidentiality, integrity, and availability.

Full stack vulnerability response

We utilize a combination of industry-leading vulnerability management practices, such as network scanning, SAST and DAST application testing, and more to secure our application.

Incident detection and response

We provide 24/7 event, incident monitoring, and response services through our in-house incident response team, ensuring timely investigation and resolution.

Internal risk assessments

We continually assess and address risks, working with stakeholders across every department. Our Information Security Steering Committee (ISSC) is committed to advocating for industry best practices across the organization.

Encryption at rest and in transit

All data is stored with NIST-approved ciphers, proven transport layer security (TLS 1.2), AES 256 at-rest encryption, and Amazon’s S3 service to store and serve uploaded files.

Secure software development lifecycle (SSDLC)

Smartsheet maintains an agile methodology. Our development lifecycle is built using industry standards, scanning tools, and automation for a secure and cyclical process.

Bug bounty program

Penetration tests are a start, but to ensure continuous visibility into vulnerabilities that can go unseen, the more eyes the better! Smartsheet engages with HackerOne to offer a bug bounty for developers.

Penetration testing

Through partnerships with third-party vendors, Smartsheet’s security is tested across our applications and environments to ensure our platform conforms to our security standards.

Get in touch

Report a bug

If you think you’ve spotted something broken, report it and you may be eligible for compensation through our Bug Bounty Program.

Report abuse

If you suspect someone is abusing our platform or your account has been compromised, contact us.

Contact our security team

Looking for more information on Smartsheet security capabilities, practices, or roadmap? Our dedicated security team is happy to help.

Have questions?