Trust And Security

SmartSuite is safe and secure

Because your trust and security are paramount to us, we’ve engineered the SmartSuite work management platform following industry-leading standards.

Data Encryption

All communications with SmartSuite are HTTPS encrypted, and data at rest is encrypted with the AES-256 algorithm.

Security Lifecycle

Security is a fundamental part of SmartSuite’s application development lifecycle and is incorporated into the design, development, testing and deployment processes.

PCI-DSS

SmartSuite runs on the PCI compliant AWS platform, leveraging secure tools and platforms to ensure that all transaction data is protected.

Security Monitoring

SmartSuite monitors security 24/7 and leverages a variety of detection tools and services to ensure that the platform is safe, secure and always available.

Strong Authentication

Two-factor authentication (2FA) and SAML-based Single Sign-on (SSO) are supported for Enterprise subscribers.

Privacy

SmartSuite adheres to a strict privacy policy and is GDPR-compliant to ensure that your personal data is always protected.

Enterprise Grade Security and Compliance

Advanced permissions and roles put you in control of data access, and our secure AWS-based platform makes user experiences seamless while maintaining security. Robust history logging and audit features, coupled with recycle bin soft-delete and login tracking ensure that you always know who modified your environment or data.

Permissions

User access controls govern system modification and data access rights

Activity History

Changes to SmartSuite structure and content are logged with user and date

Recycle Bin

All deleted files and structures (such as fields) can be restored from the recycle bin

Login History

User logins are stored, including source IP address and timestamp

Active Sessions

Admins can view active sessions and their length, and can terminate sessions

AWS Environment

SmartSuite runs on the AWS cloud platform for the best in security and availability

ISO 27001

Our ISO 27001 certification, awarded by the International Organization for Standardization (ISO), recognizes the strength of our information security management system. It's a clear indicator of our commitment to adhering to globally recognized best practices for protecting sensitive information. ISO 27001 certification isn't just a checkbox for SmartSuite; it's a strategic investment in your data's security.

SOC-2

In addition to ISO 27001, SmartSuite has also earned SOC-2 Type 1 compliance, certified by the American Institute of CPAs (AICPA). This certification stands as proof of our dedication to securing your data while it resides within our systems. Additionally, SmartSuite has begun its SOC-2 Type 2 monitoring period, which ensures that our security protocols aren't just implemented but consistently maintained over time.

SmartSuite is powered by the secure AWS platform

AWS Cloud Platform

For your uncompromising security, SmartSuite is hosted by Amazon AWS, which supports more security and compliance certifications than any other Cloud vendor, including: PCI-DSS, HIPAA/HITECH, FedRAMP, FIPS 140-2, NIST 800-171 and GDPR.

Learn more about Amazon’s compliance programs.

Advanced permissions ensure the right people have access

Advanced Permissions

Easily restrict access by member and team or use advanced settings to assign Admin, Editor, Contributor or View-Only access to teams or individuals.

Flexible authentication options support your organization's needs

Authentication Methods

SmartSuite supports secure cloud authentication using Google, Microsoft and Apple accounts to reduce the burden of login for users. Available for Web and mobile (iOS and Android), this option allows for the use of existing accounts to log in to SmartSuite - no need for an additional password.

Secure your account with two-factor authentication (2FA)

Two-Factor Authentication

Professional and Enterprise accounts come with an added layer of security by requiring additional information in addition to a username and password. Users have the option to receive a text message on their mobile device or use a code from an authentication app to complete their login process.

IP Address Restrictions

SmartSuite includes an advanced security feature: the ability to specify IP Address Restrictions for your Workspace. With this powerful tool, you can establish a whitelist of trusted IP addresses or IP ranges. Users will only be granted access to your workspace if they connect from these authorized addresses, enhancing security and control over your environment.

Session Management

SmartSuite supports auditing of Member sessions, allowing admins to access detailed login information to monitor user activity and behavior. SmartSuite Administrators can choose to terminate any active session, providing control and the ability to enforce security measures. This monitoring suite equips SmartSuite admins with the tools to safeguard the integrity of SmartSuite and your organization's data.

Data Loss Prevention (DLP)

SmartSuite supports a robust API infrastructure designed to integrate with third-party vendor services that monitor the inflow and outflow of sensitive data to the platform. These systems empower administrators with proactive capabilities to safeguard the integrity and confidentiality of critical information. By leveraging this functionality, organizations can implement comprehensive data protection measures, ensuring compliance with regulatory standards and bolstering the security posture of their SmartSuite environment.

HIPAA & GDPR

At SmartSuite, safeguarding our customers' success and data integrity stands as our paramount priority. Operating globally, we steadfastly adhere to the stringent standards outlined in the General Data Protection Regulation (GDPR) and the Healthcare Information Portability Act (HIPAA).

While formal certifications are not issued for GDPR or HIPAA compliance, SmartSuite has proactively taken measures to ensure adherence to both regulatory frameworks. Through strategic collaboration with a reputable third-party security firm, Prescient Security, we conduct thorough audits to validate compliance with HIPAA and GDPR regulations. Our commitment extends beyond mere compliance; we continuously enhance our security infrastructure and practices, implementing robust measures such as data encryption in transit and at rest, meticulous backup protocols, comprehensive logs, and vigilant security alerts.

SmartSuite Security Policy

SmartSuite has a formal security policy that is followed across the organization, and all employees, partners and contractors are required to adhere to its standards.
