Trust And Security

SmartSuite is safe and secure

Protecting customer data is fundamental to SmartSuite. Privacy and security are prioritized in our platform and infrastructure. Our highest priority is user trust, and we strive to continually enhance SmartSuite's security.

Data Encryption

All communications with SmartSuite are HTTPS encrypted, and data at rest is encrypted with the AES-256 algorithm.

Security Lifecycle

Security is a fundamental part of SmartSuite’s application development lifecycle and is incorporated into the design, development, testing and deployment processes.

PCI-DSS

SmartSuite runs on the PCI-compliant AWS platform, leveraging secure tools and platforms to ensure that all transaction data is protected.

Security Monitoring

SmartSuite monitors security 24/7 and leverages a variety of detection tools and services to ensure that the platform is safe, secure and always available.

Strong Authentication

Two-factor authentication (2FA) and SAML-based Single Sign-on (SSO) are supported for Enterprise subscribers.

Privacy

SmartSuite adheres to a strict privacy policy and is GDPR-compliant to ensure that your personal data is always protected.

Enterprise Grade Security and Compliance

Advanced permissions and roles put you in control of data access, and our secure AWS-based platform makes user experiences seamless while maintaining security. Robust history logging and audit features, coupled with recycle bin soft-delete and login tracking ensure that you always know who modified your environment or data.

Permissions

User access controls govern system modification and data access rights

Activity History

Changes to SmartSuite structure and content are logged with user and date

Recycle Bin

All deleted files and structures (such as fields) can be restored from the recycle bin

Login History

User logins are stored, including source IP address and timestamp

Active Sessions

Admins can view active sessions and their length, and can terminate sessions

AWS Environment

SmartSuite runs on the AWS cloud platform for the best in security and availability

ISO/IEC 27001

ISO/IEC 27001:2022 is a specification from the International Organization for Standardization (ISO) for information security management systems (ISMS). SmartSuite's certification recognizes the strength of our information security management system. Please contact your account manager or sales@smartsuite.com for more information.

SOC-2 Type 2

SmartSuite has also achieved SOC-2 Type 2 compliance, certified by the American Institute of CPAs (AICPA). This certification stands as proof of our dedication to securing your data while it resides within our systems. SmartSuite undergoes an annual SOC 2 Type 2 audit, demonstrating our ongoing commitment to meeting the most rigorous security, availability and confidentiality standards in the industry. Please contact your account manager or sales@smartsuite.com to request SmartSuite's latest report.

HIPAA

HIPAA, or the Health Insurance Portability and Accountability Act of 1996, is a regulation issued by the U.S. Department of Health and Human Services (HHS). It serves as a national standard to protect the security and privacy of protected health information (PHI). SmartSuite has undergone a formal third-party HIPAA compliance audit, conducted by Prescient Assurance. Businesses subject to HIPAA can confidently use SmartSuite to support HIPAA-compliant work management.

Please contact your account manager or sales@smartsuite.com if you are interested in signing a BAA with SmartSuite.

GDPR

Privacy and security are fundamental to SmartSuite’s product development and customer service. We rigorously assess all our practices to safeguard your information. In alignment with Europe’s General Data Protection Regulation (GDPR), SmartSuite has undergone a formal third-party GDPR audit conducted by Prescient Assurance.

SmartSuite not only complies but also assists our customers in doing the same. Our advanced permissions model supports access control at the workspace, solution, record and field levels to ensure the security of your organization's data.

For detailed insights into how we handle customer data, please refer to our global privacy policy. Contact your account manager or sales@smartsuite.com if you are interested in entering into a Data Processing Agreement (DPA) with SmartSuite.

SmartSuite is powered by the secure AWS platform

AWS Cloud Platform

For your uncompromising security, SmartSuite is hosted by Amazon AWS, which supports more security and compliance certifications than any other Cloud vendor, including: PCI-DSS, HIPAA/HITECH, FedRAMP, FIPS 140-2, NIST 800-171 and GDPR.

Learn more about Amazon’s compliance programs.

Advanced permissions ensure the right people have access

Advanced Permissions

Easily restrict access by member and team or use advanced settings to assign Admin, Editor, Contributor or View-Only access to teams or individuals.

Flexible authentication options support your organization's needs

Authentication Methods

SmartSuite supports secure cloud authentication using Google, Microsoft and Apple accounts to reduce the burden of login for users. Available for Web and mobile (iOS and Android), this option allows for the use of existing accounts to log in to SmartSuite - no need for an additional password.

Secure your account with two-factor authentication (2FA)

Two-Factor Authentication

Professional and Enterprise accounts come with an added layer of security by requiring additional information beyond a username and password. Users have the option to receive a text message on their mobile device or use a code from an authentication app to complete their login process.

IP Address Restrictions

SmartSuite includes an advanced security feature: the ability to specify IP Address Restrictions for your Workspace. With this powerful tool, you can establish a whitelist of trusted IP addresses or IP ranges. Users will only be granted access to your workspace if they connect from these authorized addresses, enhancing security and control over your environment.

Session Management

SmartSuite supports auditing of Member sessions, allowing admins to access detailed login information to monitor user activity and behavior. SmartSuite Administrators can choose to terminate any active session, providing control and the ability to enforce security measures. This monitoring suite equips SmartSuite admins with the tools to safeguard the integrity of SmartSuite and your organization's data.

Data Loss Prevention (DLP)

SmartSuite supports a robust API infrastructure designed to integrate with third-party vendor services that monitor the inflow and outflow of sensitive data to the platform. These systems empower administrators with proactive capabilities to safeguard the integrity and confidentiality of critical information. By leveraging this functionality, organizations can implement comprehensive data protection measures, ensuring compliance with regulatory standards and bolstering the security posture of their SmartSuite environment.

SmartSuite Security Policy

SmartSuite has a formal security policy that is followed across the organization, and all employees, partners and contractors are required to adhere to its standards.
