Protecting your users and data with enterprise-grade security

Your data is your business, and protecting it is a priority. Smartsheet delivers enterprise-grade security, compliance, and privacy controls to safeguard your organization at scale.

Identity and access management

Secure and manage authentication and authorization.

Secure login and authentication

Flexible Single Sign-On (SSO) options, including SAML and OAuth, provide seamless and secure access for your organization.

Role-based access controls (RBAC)

Manage user roles and permissions with precision, leveraging your Identity Provider (IdP) for streamlined access control.

Directory integrations

Smartsheet provides seamless integration with Okta, Entra ID, and Google Workspace for streamlined user management.

Encryption and data protection

Protect your data at every stage — at rest, in transit, and in use.

Encryption at rest and in transit

Data is secured using industry-standard AES-256 encryption at rest and TLS 1.2/1.3 encryption in transit, ensuring confidentiality and integrity at every stage of the data lifecycle.

Data residency options

Choose where your data is stored to meet regional compliance and governance requirements with Smartsheet Regions.

Customer-Managed Encryption Keys (CMEK)

Maintain full control over data access by managing your own encryption keys for added protection and compliance.

Auditing and monitoring

Track and analyze system activity to strengthen security and compliance.

Activity log and cell history

Track user actions and data changes with detailed logs for each asset – accessible by end users – ensuring accountability throughout work planning and execution. 

Event reporting

Identify and respond to critical activity with real-time event reporting, capturing over 100 types of security and user activity events for a comprehensive audit trail. 

Security integrations

Extend event reporting with powerful security integrations, connecting to Skyhigh Security CASB for anomaly detection and Microsoft Defender for advanced threat protection.

Governance and admin controls 

Define and enforce enterprise-wide security policies.

Safe sharing

Restrict collaboration to only trusted users or domains, preventing unauthorized access by enforcing your organization’s security policies.

Data egress policies

Prevent unauthorized data transfers by controlling how information is downloaded, exported, or shared outside your organization.

Sharing and automation governance

Manage how information is shared and automated by controlling publishing permissions, embedding restrictions, and automation security settings to prevent unauthorized data exposure.

Ensuring compliance and effortless security integration

Compliance and certifications

Maintain compliance with rigorous security and compliance frameworks.

Security integrations

Integrate with enterprise security tools and identity providers.


SSO & directory sync — Enable seamless authentication and user management with integrations for Okta, Entra ID, Google Workspace, and Apple.

Security monitoring tools — Connect Smartsheet with leading tools like Microsoft Defender and Skyhigh Security CASB for threat and anomaly protection.

Secure API authentication — Protect API access with OAuth 2.0, ensuring security while respecting Smartsheet’s role-based access model.

FAQ

Smartsheet stores customer data in designated AWS regions based on the environment you’re using. Here’s where your data resides:

  • Smartsheet Commercial environment: AWS East regions (Virginia/Ohio)
  • Smartsheet Gov environment: AWS GovCloud West region (Oregon)
  • Smartsheet EU environment: AWS EU regions (Germany/Ireland)

Smartsheet's Business Continuity/Disaster Recovery implementation maintains current data through the use of three availability zones. Essentially, data is backed up to separate AWS regions to ensure business continuity. The punchline? Smartsheet provides a 99.9% Availability SLA.

All data is encrypted in transit using TLS 1.2/1.3 and at rest using 256-bit AES encryption. By default, Smartsheet provides and manages encryption keys on behalf of our customers, using AWS-issued certificates, enhanced by Smartsheet's use of a private CA. Smartsheet also offers CMEK (Customer-Managed Encryption Keys) as a premium capability for added protection.

Smartsheet provides several types of exportable logs within the application, including reports on user login history, sheet access, and an asset-level activity log, in addition to cell-level history within each asset. Additionally, Smartsheet offers Event Reporting as an advanced capability for enhanced monitoring of actions that occur in Smartsheet.

Smartsheet adheres to leading security and compliance frameworks, including SOC 2, ISO 27001, GDPR, and FedRAMP. Customers in healthcare can also use Smartsheet to receive, maintain, or transmit certain types of Protected Health Information (PHI) after executing a Business Associate Agreement (BAA) with Smartsheet. For more details, visit our Compliance page.

No, we do not. With AI, as in every area of our product, we remain fiercely committed to prioritizing customer data security and privacy. Smartsheet will never use your information to train our LLM providers’ models, nor do we aggregate or share your data across customers.

For more information, read our AI whitepaper.
