SmartVault Security — FAQs

Download Printable PDF Version >>

Where is my SmartVault data stored?

SmartVault hosts your data at CyrusOne, in Houston, Texas. The CyrusOne facility uses physical barri-ers, video surveillance, and a professional security staff to keep the data center secure and protected. CyrusOne also has a SAS 70 Type II Service Auditor's Report. This report is available by contacting Cy-rusOne directly. More information on CyrusOne's security can be found at http://www.cyrusone.com.

How do I know that my documents stored in SmartVault will always be available? What is the SLA?

The SmartVault Service Level Agreement is 99.9% uptime to ensure anywhere, any time access to your documents.

Does SmartVault have multiple data centers?

No. SmartVault believes we can offer customers a high level of availability, 99.9% uptime, using one data center. CyrusOne provides a highly reliable facility with 100% guarantees on bandwidth and power. They have redundant power, generators, and onsite diesel fuel.

Hurricane Ike struck Galveston, TX in September of 2008 as a Category 2 storm. Winds were over 110 mph. Hundreds of thousands of residents lost power in the greater Houston area. However, there was never an interruption of the SmartVault service. In addition, SmartVault constantly evaluates and reviews our scalability and reliability needs. Based on our assessments over the past three and half years, we do not believe that the introduction of an additional data center is required to meet our SLA of 99.9% uptime.

In the unlikely event of a catastrophic failure, SmartVault has offsite backups and a plan for keeping you informed. The SmartVault team would operate 24 hours around the clock to restore service. The Smart-Vault security team has extensive experience in bringing up parallel environments and would be able to quickly bring the service backup up with minimal disruption to your business.

How often is the data that I store in the SmartVault data center backed up?

SmartVault maintains copies of your files both in its live data center and in offsite backups. SmartVault can recover files deleted up to 90 days ago. Contact support@smartvault.com to request that a deleted file be restored.

What kinds of password policies do you enforce in SmartVault or can I enforce in SmartVault?

The SmartVault service currently only enforces a simple password policy - passwords must be a mini-mum of 6 characters. We recommend that businesses review their password needs and designate a password policy as part of their employee and client on boarding process. Employees and clients should be instructed in proper password handling, selection of appropriate passwords, and procedures for changing passwords in case of password compromise.

The SANS institute has a sample password policy available at http://www.sans.org/security-resources/policies/Password_Policy.pdf that you can use as a primer for developing your own password policy.

Does SmartVault use encryption?

Yes. SmartVault uses an encrypted AES-256 SSL channel when you or others you invite to your Smart-Vault account interact and communicate with SmartVault by uploading, viewing, and downloading docu-ments. This protects your documents, passwords, and other interactions with SmartVault from eaves-dropping.

SmartVault also encrypts backups of your documents and their metadata, and then stores these encrypt-ed backups offsite with Iron Mountain. Because of this, any backup media intercepted or lost in transit from SmartVault to the secure, offsite facility is non-recoverable by eavesdroppers.

Documents stored in the SmartVault data center are not encrypted at rest. However, documents at rest in the data center are segregated into a data network designed to protect confidential data. SmartVault uses the Payment Card Industry (PCI) Data Security Standard (DSS) as an actionable framework to provide a robust security process in this environment. If you require additional data protection beyond what the SmartVault service provides, you can use third-party encryption systems to encrypt documents before storing them in SmartVault.

How long has SmartVault been in business? What would happen to my documents if SmartVault goes out of business? How would I get my documents back?

SmartVault has been in business since 2007, and today thousands of business and accounting profes-sionals use SmartVault to store and share their business documents securely online.

In the unlikely event of business failure, SmartVault has a plan in place for gracefully transitioning your documents back to you. SmartVault also has business continuity insurance to protect against such an unexpected event.

In addition, you can always create an archive of the documents you have stored in SmartVault on your local computer or on a network drive at any time, on-demand, using the SmartVault Drive. Additional in-formation about how you can create an archive of your SmartVault documents on-demand on your local computer or on a network drive, is available here.

Can storing data on a server in my office be more secure than a cloud solution, especially if I do regular backups and store the backups offsite?

Storing data on a server in your office can be very secure, especially if you have good data security and disaster recover policies and processes in place. However, when determining if you want to store your data on a server in your office or in the cloud, ensure you evaluate the feasibility with regard to skills, cost, and available time to determine if you can realistically provide a more secure and compliant solu-tionlk. SmartVault uses the Payment Card Industry (PCI) Data Security Standard (DSS), available at https://www.pcisecuritystandards.org/documents/pci_dss_v2.pdf as an actionable security framework and strives to exceed the standard requirements. We evaluate our adherence to this standard annually. We encourage you to use this as benchmark to evaluate your own operations if you store documents on-site in your office.