Our Certifications & Accreditations
|SmartUse engages in annual voluntary SOC 2 examinations. SmartUse reports on controls at a service organization relevant to security.||SmartUse is rated by BBB (Better Business Bureau) with A+, which is the highest rating available. BBB assigns ratings by evaluating businesses against a large set of criteria, with the goal of offering consumers and businesses alike an unbiased source to guide them on matters of trust.||SmartUse is PCI DSS compliant. PCI DSS is the most important security standard for the card payment industry and includes a set of comprehensive requirements for security management, policies, procedures, network architecture, software design and other critical protective measures.|
|SecurityScorecard is the global leader in cybersecurity ratings and the only service with millions of organizations continuously rated. SecurityScorecard Ratings offer easy-to-read A-F ratings across ten groups of risk factors including Network Security, DNS Health, Patching Cadence, Endpoint Security, IP Reputation, Application Security, Cubit Score, Hacker Chatter, Information Leak, and Social Engineering.||The Security, Trust, Assurance, and Risk (STAR) Registry is a publicly accessible registry that documents the security and privacy controls provided by popular cloud computing offerings. STAR encompasses the key principles of transparency, rigorous auditing, and harmonization of standards outlined in the Cloud Controls Matrix (CCM).|
Application Availability, Reliability and Security
We realize that your business depends on submitting accurate and timely bids, and are committed to delivering a system with industry-leading security, availability and reliability. This document outlines the infrastructure and operational best-practices SmartUse employs to safeguard our customers’ data and achieve our guaranteed 99.9% uptime.
Data Security Protections
SmartUse contracts with the leading cloud service providers to host all customer data in physically secure data centers with redundant power supplies and internet backbone connections.
SmartUse team member access to customer data is restricted based by job function. Team members are provided with the minimum access required to perform their duties.
All communication between the customer’s browser and the SmartUse application is encrypted while in transit. Sensitive customer data such as passwords are encrypted at rest, and are unavailable to any SmartUse team member.
The SmartUse team monitors site access logs daily, and triages any suspicious or unusual activity.
Critical components of the SmartUse web application are hosted in two data centers on opposite sides of the United States. In the case of one datacenter becoming incapacitated, the SmartUse operational team can redirect customers to the other datacenter with minimal downtime.
SmartUse servers are redundant by role, with multiple servers of each role available to serve customer requests at all times.
The SmartUse platform will scale and add capacity, either automatically or by instruction of the operations team, as needed to accommodate customer workloads in a timely manner.
Critical user and application data is backed up continuously, and backups are maintained for at least 30 days.
Customer plan and document data is replicated in triplicate, so that any failure of the underlying storage system will not result in data loss.
The SmartUse team performs daily reviews of key application performance and availability metrics, and triages any deviations from normal.
We appreciate that you trust SmartUse with your business-critical information, and we take this responsibility very seriously. You can see our real-time and historical uptime and availability information here (status.SmartUse.com) on our status page. Should you have any questions, don’t hesitate to contact your CSM.