Secure and Compliant Document Management, Purpose-Built for Accounting Firms
Meet the highest security standards in the industry. SmartVault is SOC 2 Type 2 compliant and helps your firm meet FTC Safeguards and IRS 4557 requirements to protect sensitive client data, stay audit-ready, and win client trust year-round.

Built to Protect Your Firm And Your Clients
Your reputation depends on how well you protect client data. That’s why SmartVault makes security and compliance the foundation of everything we do.
- SOC 2 Type 2 Compliance
- IRS Publication 4557 Compliance
- Multi-Factor Authentication (MFA)
- AES-256 Encryption
- ISO 27001
The 5 Security Must-Haves for Accounting & Tax Firms
Are They Certified & Compliant?
SmartVault: SmartVault meets SOC 2 Type 2, ISO 27001, and ISO 22301 standards and helps your firm stay compliant with IRS 4557 and the FTC Safeguards Rule.
How Do They Protect Your Firm’s Data?
SmartVault: SmartVault encrypts data in transit and at rest, enforces MFA, and offers permission-based access controls and secure client portals. Our infrastructure is monitored 24/7/365 to detect and respond to threats, while you retain control over internal activity.
Do They Train Their Employees on Security?
SmartVault: All employees complete cybersecurity training, phishing simulations, and operate under strict access controls. Devices are protected with policies that prevent data loss and support secure remote access.
How Do They Handle Security Incidents?
SmartVault: SmartVault monitors systems continuously, responds immediately to risks, delivers regular security updates, and communicates proactively with customers about any potential impact.
What’s Their Track Record with Security & Reliability?
SmartVault: With 100% uptime during tax season, zero major breaches, and enterprise-grade infrastructure, SmartVault is trusted by over 30,000 accounting and tax professionals.

Real Risks. Real Consequences.
Learn how one firm’s lack of backups led to lost data, ransom payments, and near shutdown.
SmartVault prevents these outcomes with:
- Automatic secure backups
- Access logs to detect suspicious behavior
- Instant file restoration from version history
- Role-based access controls

Know the Difference: SOC 2 Type 1 vs. Type 2
Most vendors stop at the bare minimum. SmartVault meets the gold standard. Don’t be fooled by vague claims of “SOC 2 compliance.” Type 1 is a snapshot in time. Type 2 proves your vendor’s security controls work every day, over time.
Why SOC 2 Type 2 Matters:
- Ongoing Verification: Audited over 6–12 months, not just once
- Stronger Risk Protection: Shows you’ve taken all reasonable steps
- Built for Trust: Preferred by firms serving high-value clients
- Backed by Action: Continuous monitoring, backups, and WISP support
Vendors that don’t specify? Almost always just Type 1.
SmartVault? SOC 2 Type 2 and built for firms like yours.

Prepare for the Unexpected with Secure Data Backup
From power outages to office floods to ransomware – data loss happens fast.
Why It Matters:
- Most data loss comes from human error, not just hackers.
- Downtime = lost revenue, lost clients, and potential fines.
- Recovery is only possible if you’re prepared.
SmartVault’s Built-in Backup & Recovery Includes:
- Automated cloud-based backups
- Version history & file restoration
- Secure offsite storage
- Always-on accessibility, even during disasters

Secure File Sharing for Accountants
Your clients rely on you to safeguard their sensitive information. Sending files over email is no longer safe or compliant.
SmartVault makes it easy to:
- Share files through encrypted links, not email
- Control access with custom permissions
- Use branded portals for secure collaboration
- Ensure client communications meet IRS & FTC guidelines
Questions Every Security-Minded Firm Must Ask
Is my data encrypted when I use SmartVault?
Yes. All data is encrypted in transit using SSL to protect your documents, passwords, and login sessions from interception. Data is also encrypted at rest using AES-256 encryption—the same standard trusted by banks and government agencies.
How does SmartVault control who can access my documents?
Access to your documents is controlled through authenticated logins. Only users you authorize can view or interact with your files. You can also track activity with SmartVault’s built-in Activity Log, which shows who has been granted access and who has accessed your documents.
What types of data does SmartVault classify and how is it handled?
SmartVault classifies data into two categories:
- Confidential Data: Includes document content, credit card numbers, and password hashes. This data is highly restricted and can only be accessed by screened employees with your permission. SmartVault follows PCI DSS security protocols to protect all confidential data.
- Sensitive Data: Includes metadata like email addresses, document and folder names. While less critical, this information is still protected and only accessed to support account and system management. We recommend not placing confidential data in file or folder names.
What can I do to further protect my SmartVault account?
Security is a shared responsibility. Here’s how you can do your part:
- Sign out when not using the platform
- Use strong, unique passwords and change them every 90 days
- Never share your password, even with SmartVault support
- Assess your firm’s unique protection needs—you can use third-party encryption for added security before uploading documents
Where is my data stored and backed up?
SmartVault uses Amazon Web Services (AWS) to host your data on highly secure, scalable infrastructure. Your data is stored in multiple geographic regions, using redundant, replicated storage, and is backed up regularly to ensure availability and durability.
How does SmartVault support compliance with industry regulations?
SmartVault helps firms meet requirements for HIPAA, FINRA, SEC, IRS 4557, and the FTC Safeguards Rule. Our platform includes features like audit trails, role-based permissions, and encryption to support a compliant document workflow. We also provide WISP templates through our Compliance Vault.
Can SmartVault employees access my data?
SmartVault employees cannot access your confidential data without your explicit permission. Any access is logged and audited. Employees are trained on data protection protocols and operate under strict internal access controls.
Where do I report security concerns?
Our top priority is making SmartVault safe for all of our users. We are very confident in our security technology. But if you suspect a vulnerability, please report it through this GetBusy suspected vulnerabilities form.
Take the Stress Out of Compliance
The Federal Trade Commission (FTC) enacted the Standards for Safeguarding Customer Information – the Safeguards Rule – in 2003 to help businesses protect consumer and customer data. The Safeguards Rule stems from the Gramm-Leach-Bliley Act (GLBA), which is the United States law requiring financial institutions to protect the integrity, confidentiality, and security of customer data. Companies needed to be compliant by June 9, 2023.
The Health Insurance Portability and Accountability Act (HIPAA) is a federal law requiring health care organizations to develop, implement, and maintain administrative, technical, and physical safeguards to protect the security, integrity, and confidentiality of patient information. Under HIPAA, covered entities include health plans, health care clearinghouses, and health care providers regardless of size who electronically store or transmit any health information in connection with any transactions for which HHS (Department of Health and Human Services) has adopted a standard.
The General Data Protection Regulation (GDPR) became effective on May 25, 2018. Simply put, EU citizens now have greater say over what, how, why, where, and when their personal data is used, processed, or disposed of. GDPR clarifies how the EU personal data laws apply even beyond the borders of the EU.
The Financial Industry Regulatory Authority (FINRA) is a government-authorized organization that oversees United States broker-dealers. The organization helps ensure that the broker-dealer industry operates fairly. FINRA is the successor to the National Association of Securities Dealers, Inc. (NASD).
As an independent agency of the U.S. federal government, the U.S. Securities and Exchange Commission (SEC) maintains fair and efficient markets and facilitates capital formation to protect investors. It enforces federal securities laws and regulates the securities industry, electronic security markets, and the U.S. stock and options exchanges. The SEC was created in the Securities Exchange Act of 1934.
The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to explain to their customers how they share information and to safeguard their data. A financial institution is any company that offers consumers financial products or services.
The California Consumer Privacy Act (CCPA) is a state law that went into effect on January 1, 2020. This law provides California residents (consumers) more control over their data and requires companies to be more transparent with what data they are collecting and how they are using that data.
System and Organization Controls (SOC) 2 reports are independent third-party examination reports that demonstrate how an organization achieves key compliance controls and objectives.
The International Organization for Standardization (ISO) is an independent, non-governmental international organization with an international membership of 167 national standards bodies. The ISO/IEC 27000 family of standards helps organizations keep their information assets secure.
The SmartVault Business Continuity Management System integrates directly with our Information Security Management System (ISO 27001) and supports the operations underlying our service offerings.
The Cloud Security Alliance (CSA) is a non-profit organization whose mission is to “promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing.”
SmartVault has completed a HECVAT self-assessment for our cloud-based products. The self-assessment details our alignment with industry standards and the security built into our products and infrastructure.