Trust And Security
Protecting customer data is fundamental to SmartSuite. Privacy and security are prioritized in our platform and infrastructure. Our highest priority is user trust, and we strive to continually enhance SmartSuite's security.
Enterprise Grade Security and Compliance
Advanced permissions and roles put you in control of data access, and our secure AWS-based platform makes user experiences seamless while maintaining security. Robust history logging and audit features, coupled with recycle bin soft-delete and login tracking, ensure that you always know who modified your environment or data.
Permissions
User access controls govern system modification and data access rights
Activity History
Changes to SmartSuite structure and content are logged with user and date
Recycle Bin
All deleted files and structures (such as fields) can be restored from the recycle bin
Login History
User logins are stored, including source IP address and timestamp
Active Sessions
Admins can view active sessions and length, and can terminate sessions
AWS Environment
SmartSuite runs on the AWS cloud platform for the best in security and availability
ISO/IEC 27001
ISO/IEC 27001:2022 is a specification from the International Organization for Standardization (ISO) for information security management systems (ISMS). SmartSuite's certification recognizes the strength of our information security management system. Please contact your account manager or sales@smartsuite.com for more information.
SOC-2 Type 2
SmartSuite has also achieved SOC-2 Type 2 compliance, certified by the American Institute of CPAs (AICPA). This certification stands as proof of our dedication to securing your data while it resides within our systems. SmartSuite undergoes an annual SOC 2 Type 2 audit, demonstrating our ongoing commitment to meeting the most rigorous security, availability and confidentiality standards in the industry. Please contact your account manager or sales@smartsuite.com to request SmartSuite's latest report.
HIPAA
HIPAA, or the Health Insurance Portability and Accountability Act of 1996, is a regulation issued by the U.S. Department of Health and Human Services (HHS). It serves as a national standard to protect the security and privacy of protected health information (PHI). SmartSuite has undergone a formal third-party HIPAA compliance audit, conducted by Prescient Assurance. Businesses subject to HIPAA can confidently use SmartSuite to support HIPAA-compliant work management.
Please contact your account manager or sales@smartsuite.com if you are interested in signing a BAA with SmartSuite.
GDPR
Privacy and security are fundamental to SmartSuite’s product development and customer service. We rigorously assess all our practices to safeguard your information. In alignment with Europe’s General Data Protection Regulation (GDPR), SmartSuite has undergone a formal third-party GDPR audit conducted by Prescient Assurance.
SmartSuite not only complies but also assists our customers in doing the same. Our advanced permissions model supports access control at the workspace, solution, record and field levels to ensure the security of your organization's data.
For detailed insights into how we handle customer data, please refer to our global privacy policy. Contact your account manager or sales@smartsuite.com if you are interested in entering into a Data Processing Agreement (DPA) with SmartSuite.
AWS Cloud Platform
For your uncompromising security, SmartSuite is hosted by Amazon AWS, which supports more security and compliance certifications than any other Cloud vendor, including: PCI-DSS, HIPAA/HITECH, FedRAMP, FIPS 140-2, NIST 800-171 and GDPR.
Learn more about Amazon’s compliance programs.
Advanced Permissions
Easily restrict access by member and team or use advanced settings to assign Admin, Editor, Contributor or View-Only access to teams or individuals.
Authentication Methods
SmartSuite supports secure cloud authentication using Google, Microsoft and Apple accounts to reduce the burden of login for users. Available for Web and mobile (iOS and Android), this option allows for the use of existing accounts to log in to SmartSuite - no need for an additional password.
Two-Factor Authentication
Professional and Enterprise accounts come with an added layer of security by requiring further information in addition to a username and password. Users have the option to receive a text message on their mobile device or use a code from an authentication app to complete their login process.
IP Address Restrictions
SmartSuite includes an advanced security feature: the ability to specify IP Address Restrictions for your Workspace. With this powerful tool, you can establish a whitelist of trusted IP addresses or IP ranges. Users will only be granted access to your workspace if they connect from these authorized addresses, enhancing security and control over your environment.
Session Management
SmartSuite supports auditing of Member sessions, allowing admins to access detailed login information to monitor user activity and behavior. SmartSuite Administrators can choose to terminate any active session, providing control and the ability to enforce security measures. This monitoring suite equips SmartSuite admins with the tools to safeguard the integrity of SmartSuite and your organization's data.
Data Loss Prevention (DLP)
SmartSuite supports a robust API infrastructure designed to integrate with third-party vendor services that monitor the inflow and outflow of sensitive data to the platform. These systems empower administrators with proactive capabilities to safeguard the integrity and confidentiality of critical information. By leveraging this functionality, organizations can implement comprehensive data protection measures, ensuring compliance with regulatory standards and bolstering the security posture of their SmartSuite environment.
SmartSuite Security Policy
SmartSuite has a formal security policy that is followed across the organization, and all employees, partners and contractors are required to adhere to its standards.