SmartDraw: Security and Maturity

SmartDraw has been in business for over 22 years and has a comprehensively tested, dependable infrastructure and safe, secure processes you can rely upon.

External Audits and Testing

SOC 2 Type II

SmartDraw is audited each year by SSAE 16 Professionals ("SSAE"), one of the nation's leading firms specializing in SSAE 16 audits and readiness assessments. Each year, SSAE conducts a Service Organization Control (SOC) 2 Type II audit on the design and operating effectiveness of SmartDraw's internal controls and processes related to the Security and Availability Trust Services Principles. SSAE has always found that SmartDraw meets or exceeds expectations and is fully compliant with the standard.

When evaluating a cloud service provider, it's important to determine whether the provider itself has submitted to a SOC 2 audit, or whether it simply refers to the credentials of its third-party hosting service, like Amazon or Azure, under the pretense that's all that matters. It does not matter how well a third-party hosting service does its job if the employees of the service provider who have access to systems and information are not following proper process and procedure. That's what the audit is designed to confirm.

You can learn more about the SOC2 Type II audit report here.

PCI Review

In addition to the SOC 2 audit, SmartDraw also has a quarterly security review process conducted by a PCI Approved security firm which certifies our network, performs external penetration testing and vulnerability scans, and verifies that SmartDraw meets the current Payment Card Industry security standards.

Redundant Data Centers and Backup Processes

Data Centers

Reliability is critical to our customers, and reliability statistics from third-party hosting services like Amazon and Azure are simply not good enough for SmartDraw. Having tried third-party hosting in the past, we found that using dedicated hardware which is optimized for our unique applications allows performance and uptime that is unequalled in the industry. Accordingly, we selected two of the best Tier 4 data centers in two different states. To be considered a Tier 4 data center, all data center components must be fully fault-tolerant, including uplinks, storage, chillers, HVAC systems, servers, power and the like. Everything is dual-powered with state-of-the-art hardware we own and control and with full 1 GB connectivity between the sites. This permits us to have real-time, continuous data replication between the data centers in multiple states.

Backup Processes

In addition to our real-time replication between data centers, we completely back up your data onto separate storage systems, and sync it to a 3rd location. Our production systems are also continuously monitored by multiple external services which alert staff of any issues or problems should they occur.

Content Security

SmartDraw supports sign-on with a unique email address and fully encrypted password as well as single sign-on with your Google account, and individual user credentials are authenticated and verified with every transaction.

User content sent between the client or browser from which you access SmartDraw Cloud and SmartDraw's servers is sent over a secure channel using RSA 2048-bit (Secure Sockets Layer) encryption, the standard for secure Internet connections.

User content stored in the SmartDraw Cloud is fully encrypted using the AES-256 standard, which is the same encryption standard used by banks to secure customer data.

SmartDraw also provides administrative controls for site license customers that make it easy for the administrator to control who may access SmartDraw and how they can share documents, to retain control of all documents, even those stored in the Cloud, and to consolidate multiple existing accounts and trials under a single license with full administrative control.

SmartDraw helps you control your data — and keep it yours.
