Security is a top priority at SmartRIA and we understand how important your data is to you and your clients. We realize that we have been entrusted with a significant amount of sensitive information and do not take this responsibility lightly. Our team works diligently to continuously improve security processes and controls and to make sure the data we hold is secure.
SmartRIA handles data with the utmost care and integrity, designing our systems with industry-standard information security best practices and continuously testing to find and fix vulnerabilities. Whether it’s encrypting data from end to end, creating company policies, utilizing tools, or providing you with user access control features, we want customers to have confidence in the systems and services handling sensitive workloads as they are transported, processed, and stored.
This page details some of the things we do as part of our security efforts. It is nowhere near comprehensive, but we hope this helps paint the picture that we take security very seriously.
To start, no matter how good our technical security is, if we are lax in our personnel processes, we aren’t secure. To this end, we require background checks for all employees, even if they don’t have access to customer data. For those employees who do have access to any data in the company, we utilize the principle of least privilege, meaning that we give access to the minimum amount of data an employee needs to effectively do their job function.
We hold monthly security training sessions for all employees, where we discuss recent security bulletins, dissect and explain both real and fake phishing email examples, and watch security training videos. Our technical staff subscribes to security bulletins from the Cybersecurity and Infrastructure Security Agency, the SANS Institute, and security mailing lists for technologies that we utilize, and often shares insights with the rest of the staff.
We provide LastPass accounts for all employees and require two-factor authentication and very strong passwords.
Data security is multi-faceted, and you may have heard the terms “Data in Motion” or “Data at Rest”. Data in motion (or in transit) is information that your browser sends or receives between your computer and a company’s application servers. If data isn’t encrypted between them, people can steal the information, including passwords and sensitive data. We utilize encrypted sessions using an AES-256-CBC encrypted security certificate. Once the data reaches our servers and becomes “at rest”, we encrypt the data, and a series of keys is needed to unlock it. This is important because if someone were to get inside our servers, they wouldn’t be able to see plain text passwords, addresses, phone numbers, account descriptions, etc. We also have data backups of everything, and all backups are encrypted.
If at any time data is compromised, we pledge to immediately notify our customers of that event and to keep all involved parties informed as to the status and remediation of that situation. To date, no such event has occurred at SmartRIA, and we work hard every day to ensure that remains the case.
SmartRIA offers our customers 2-factor authentication (2FA) and secure password policies and features to help our customers do their own part to maintain the security of their own and their clients’ data.
If you would like, please contact us for up-to-date documentation of our policies, procedures and technical security measures, or view these documents and statuses and hundreds of other major vendor profiles in our Data Governance platform.