Security overview at Smarp
At Smarp, we take information security extremely seriously, and the objective of our information security policies is first and foremost to protect the data our clients entrust to us. Information security is a critical business function that ensures our continuity and safeguards the trust our clients have shown in us. Information security is applied to all business functions and is a part of everyone’s day-to-day work.
Smarp is fully GDPR compliant and meets the rigorous demands of the General Data Protection Regulation in terms of data processing, data subject rights, data transfers, data hosting, and contractual arrangements between the parties involved.
Application security is taken into consideration throughout Smarp’s software development lifecycle, and the software is developed with regard to industry best practices such as the OWASP secure coding guidelines and web application security risks.
All data is encrypted in transit using a VPN and/or TLS connection (including HTTPS), and archived data is encrypted at rest using the AES-256 encryption algorithm.
Furthermore, the application is periodically penetration tested for security vulnerabilities.
Data center security
We utilise a multi-vendor strategy to ensure the uninterrupted availability of the service. The data centers we have chosen are state-of-the-art facilities utilising innovative architectural and engineering approaches for maximum security and continuity.
Smarp is ISO 27001 certified and audited yearly for compliance by an independent and accredited certification body.