AES 256 Encrypted Software

Maximize Security and Compliance for Your Business Documents

Make sure your valuable digital assets are protected. We’ve engineered SmartVault from the ground up to deliver maximum security for all files you collaborate on internally and with clients. SmartVault is built with bank-level security and with compliance in mind.

SmartVault is Built with a Security-first Mindset

Our team works hard to ensure that SmartVault’s single platform is the most secure way to confidently store and share your documents. We continually evaluate and seek to improve our security technology and procedures.

Your Data is Secure While in Transit

All interactions with SmartVault occur over an encrypted channel. We employ SSL to protect your documents, passwords, and interactions with SmartVault from eavesdropping.

Your Data is Secure While at Rest

SmartVault encrypts your documents and all information stored in our databases at rest. The data is encrypted using AES-256. More details can be found in our Security FAQ.

How Your Data is Stored

SmartVault is designed to allow access to documents via authenticated logins. In other words, documents stored in SmartVault are only accessible if you log in to the service or share the documents with another individual, who must also log in to the service. SmartVault employs an Activity Log that you can use to review:

  • Who has been granted permissions to access documents?
  • Who has actually accessed documents?

SmartVault classifies the information you store in SmartVault into two categories: confidential data and sensitive data.

Confidential Data

Confidential data includes the contents of documents, credit card account numbers, and password hashes. Confidential information is accessible by a limited number of SmartVault employees; however, SmartVault has processes and technologies which forbid access to that data without your express permission. Staff with this level of access are screened and trained on SmartVault’s security controls designed to protect your privacy. Auditing mechanisms are in place to detect any violation of this policy.

SmartVault uses the Payment Card Industry (PCI) Data Security Standard (DSS) as an actionable framework to provide a robust security process. This standard is designed to protect credit card information; however, SmartVault employs this framework as a tool across all confidential information, including your documents. This framework provides us a security process that incorporates prevention, detection, and appropriate response to security incidents. The PCI Security Standards Council provides more information regarding PCI DSS.

Sensitive Data

Information not deemed confidential is considered sensitive. Sensitive information includes your email address, account name, document names, folder names, and other metadata. For this reason, we recommend that you never include confidential information (such as social security numbers, credit card numbers, etc.) in document names, folder names, or description fields. In effect, confidential information should only be included inside an actual document. Sensitive information may be used by SmartVault employees to troubleshoot problems, resolve account management issues, and support marketing efforts. Our staff is trained on the need to protect sensitive information. View the SmartVault Privacy Policy.

SmartVault hosts your data using services provided by Amazon Web Services (AWS). Amazon Web Services are trusted and relied upon all over the world to provide highly secure and scalable infrastructure. Learn more about Amazon Web Services security here, including their System & Organizational Control (SOC) report.

Your Data is Securely Backed Up

Your documents and metadata are always stored using highly redundant replicated storage. Multiple copies of metadata and documents are stored in multiple geographical locations and backed up regularly to ensure data availability.

Compliance Requirements

Many of our customers face compliance pressure when it comes to managing sensitive customer information and documents. SmartVault’s security practices and Activity Log can support a document workflow that complies with regulations like HIPAA, FINRA, SEC, and more.

Your Role in Protecting Your Assets

Protecting your assets is a team effort between you and SmartVault, and we take this partnership very seriously. As such, we feel it is critical to help you do your part. Security is a tough balance between protection and efficiency. Military fortifications are very secure, but they are also hard to enter and exit: the additional procedures that secure the facility effectively slow down operations within. That being said, we want to provide you guidance on measures that you can take to improve your protection and still meet your business needs.

Here are some simple steps that every SmartVault user should employ:

  • Protect your session by signing out of the service when not in use
  • Use good password practices, such as:
    • Using a strong password (lowercase, uppercase, numbers, symbols, etc.)
    • Changing your password every 90 days
    • Not using the same password you use at other sites or other computers
    • Not sharing your password with anyone, including SmartVault employees. (SmartVault employees are never allowed to ask you for your password.)
  • Assess your own, unique data protection needs

Further, we encourage our customers to assess their own, individual data protection needs. For example, if you require additional data protection beyond what the SmartVault service provides, you can use third-party encryption systems to encrypt documents before storing them in SmartVault.

Where Do I Report Security Concerns?

Our top priority is making SmartVault safe for all of our users. We are very confident in our security technology. But if you suspect a vulnerability, please report it through this GetBusy suspected vulnerabilities form.

Allow SmartVault to Manage Document Security for You

We take the responsibility of protecting your business’s sensitive documents very seriously. SmartVault is built with a security-first mindset, and we never compromise.

Have confidence that your data is protected

Your data is encrypted – which means it’s scrambled and unreadable – during transit and while at rest using AES-256. We employ Secure Sockets Layer (SSL) to protect your documents, passwords, and interactions with SmartVault from eavesdropping.

Control access and track every activity

You maintain control over which users have access to your data. Approved users must verify their identity via two-factor authentication (2FA) to access it. SmartVault users can also see exactly what’s happening, like who created, accessed, downloaded, and deleted documents.

Back up data securely

Automatic data backup means you won’t lose anything to natural disasters, power failures, or human errors. Your documents and metadata are always stored using highly redundant replicated storage. Multiple copies of files are stored in multiple geographical locations and backed up regularly.

Take the Stress Out of Compliance

Protecting data isn’t just a best practice. For many, it’s the law. SmartVault supports compliance with most major worldwide regulations.

Have more questions? Schedule time with a document management specialist.
FTC
The Federal Trade Commission (FTC) enacted the Standards for Safeguarding Customer Information – the Safeguards Rule – in 2003 to help businesses protect consumer and customer data. The Safeguards Rule stems from the Gramm-Leach-Bliley Act (GLBA), which is the United States law requiring financial institutions to protect the integrity, confidentiality, and security of customer data. You now have until June 9, 2023 to comply.
HIPAA Compliance
The Health Insurance Portability and Accountability Act (HIPAA) is a federal law requiring health care organizations to develop, implement, and maintain administrative, technical, and physical safeguards to protect the security, integrity, and confidentiality of patient information. Under HIPAA, covered entities include health plans, health care clearinghouses, and health care providers regardless of size who electronically store or transmit any health information in connection with any transactions for which HHS (Department of Health and Human Services) has adopted a standard.
GDPR Compliance
The General Data Protection Regulation (GDPR) became effective on May 25, 2018. Simply put, EU citizens now have greater say over what, how, why, where, and when their personal data is used, processed, or disposed of. GDPR clarifies how the EU personal data laws apply even beyond the borders of the EU.
FINRA Compliance
The Financial Industry Regulatory Authority (FINRA) is a government-authorized organization that oversees United States broker-dealers. The organization helps ensure that the broker-dealer industry operates fairly. FINRA is the successor to the National Association of Securities Dealers, Inc. (NASD).
SEC Compliance
As an independent agency of the U.S. federal government, the U.S. Securities and Exchange Commission (SEC) maintains fair and efficient markets and facilitates capital formation to protect investors. It enforces federal securities laws and regulates the securities industry, electronic security markets, and the U.S. stock and options exchanges. The SEC was created in the Securities Exchange Act of 1934.
GLBA Compliance
The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to explain to their customers how they share information and to safeguard their customers' data. A financial institution is any company that offers consumers financial products or services.
CCPA Compliance
The California Consumer Privacy Act (CCPA) is a state law that went into effect on January 1, 2020. This law provides California residents (consumers) more control over their data and requires companies to be more transparent with what data they are collecting and how they are using that data.
SOC 2 Compliance
System and Organization Controls (SOC) 2 reports are independent third-party examination reports that demonstrate how an organization achieves key compliance controls and objectives.
ISO 22301:2019 Compliance
The SmartVault Business Continuity Management System integrates directly with our Information Security Management System (ISO 27001) and supports the operations underlying our service offerings.
Cloud Security Alliance
The Cloud Security Alliance (CSA) is a non-profit organization whose mission is to “promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing.”
HECVAT (Higher Education Cloud Vendor Assessment Toolkit)
SmartVault has completed a HECVAT self-assessment for our cloud-based products. The self-assessment details our alignment with industry standards and the security built into our products and infrastructure.
FAQs
When you have the right technology in place, compliance doesn’t have to be complicated. You can learn more about how SmartVault helps you stay in compliance with major worldwide regulations without slowing down your business processes from relevant FAQ sections provided on this website.