SmartBots Security Policy

SmartBots maintains controls over the security, confidentiality, and availability of the products and services it provides to its customers. SmartBots follows ISO 27001 standards and SOC 2 procedures across the organization, and hosts service data in AWS data centers that are certified under ISO 27001, PCI DSS Service Provider Level 1, and/or SOC 2.

Security and Availability

Smartbots.ai prioritizes security and compliance through defined processes, including regular vulnerability assessments. Our systems are continuously monitored for intrusions and for file-integrity changes. Alerts from these monitors are collected in a security information and event management (SIEM) system, and our security team reviews and responds to potential threats and attack vectors around the clock.

Enterprise-Grade Security

The SmartBots platform includes enterprise-wide security controls: strong encryption for data in transit and data at rest, access controls and entitlements, and multi-factor authentication to protect customer data. Customers can manage access and sharing policies through the platform's authentication and single sign-on (SSO) options. All communications with SmartBots servers over public networks are encrypted using industry-standard HTTPS, so traffic between you and SmartBots is protected against eavesdropping and tampering in transit.

Encryption

  • Encryption in Transit
All communications with SmartBots servers over public networks are encrypted with HTTPS, that is, HTTP over Transport Layer Security (TLS), configured to industry best practices. TLS is also supported for email delivery, where the receiving mail server supports it.
  • Encryption at Rest
    All customers of SmartBots benefit from the protections of encryption at rest for offsite storage of attachments and full daily backups.

Availability & Continuity

  • Uptime
SmartBots deploys, or can deploy, all services across multiple AWS Availability Zones (Multi-AZ). Where AWS offers native Multi-AZ support it is used, for example Amazon RDS in a Multi-AZ deployment, which keeps a synchronously replicated standby in a second Availability Zone (RDS cross-region replication is a separate feature aimed at disaster recovery rather than in-region availability), and Amazon ElastiCache with Multi-AZ replication. AWS Elastic Load Balancers route traffic across the Multi-AZ resources where routing is needed.
  • Disaster Recovery
SmartBots' Disaster Recovery (DR) program is intended to keep services available, or to make them readily recoverable, in the event of a disaster. This is accomplished by building a resilient technical environment, writing Disaster Recovery plans, and testing those plans.

Application Security

  • Security Training
At least annually, engineers participate in secure-coding training covering the OWASP Top 10, common attack vectors, and SmartBots' own security controls. SmartBots' QA department reviews and tests the code base, and several dedicated application security engineers on staff identify, test, and triage security vulnerabilities in code.
  • Separate Environments
Testing and staging environments are separated physically and logically from the production environment, and no actual service data is used in development or test environments.

Authentication Security

  • Single sign-on (SSO)
Single sign-on (SSO) allows customers to authenticate users against their own identity systems, so users do not need a separate set of login credentials for their SmartBots instance.
  • Two-factor authentication (2FA)
    Two-factor authentication can be turned on for admins and developers who sign in with SmartBots credentials on a SmartBots instance.
  • API Security & Authentication
The SmartBots API is available over HTTPS (TLS) only, and a verified user account is required to make API requests. Customers can authenticate to the API with HTTP Basic authentication using either a username and password or a username and API token; the token form avoids sending the account password with every request. OAuth authentication is also supported. Because Basic authentication only base64-encodes the credential, the HTTPS-only restriction is what keeps it confidential on the wire.
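The following is an added example, not SmartBots' own client or server code, showing the two Basic-authentication forms described above and why an HTTPS-only API matters for them: the client refuses to send credentials over plain HTTP, a decoder shows that an on-path observer would otherwise read the secret straight out of the header, and a server-side check accepts either a password or an API token using constant-time comparison. The endpoint URL, the credential store, the usernames and the token format are assumptions made for illustration.

```python
"""Added example (not SmartBots' code): HTTP Basic auth with a password or
an API token, HTTPS enforcement on the client, and a server-side verifier.
Endpoint, user records and token format below are constructed for the demo."""
import base64
import hmac
from typing import Dict, Optional, Tuple
from urllib.parse import urlsplit

API_BASE = "https://api.example.invalid/v1"  # hypothetical endpoint


def basic_auth_header(username: str, secret: str) -> str:
    """Build an HTTP Basic Authorization header (RFC 7617).
    The secret may be the account password or an API token."""
    if ":" in username:
        raise ValueError("username must not contain ':'")
    raw = f"{username}:{secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def require_https(url: str) -> str:
    """Refuse to send credentials over anything but HTTPS. Basic auth is
    only base64, so on plain HTTP the secret would be readable in transit."""
    scheme = urlsplit(url).scheme
    if scheme != "https":
        raise ValueError(f"refusing to send credentials over {scheme!r}")
    return url


def build_request(path: str, username: str, secret: str) -> Dict[str, object]:
    """Assemble the URL and headers a client would send, enforcing HTTPS."""
    url = require_https(f"{API_BASE}{path}")
    return {"url": url, "headers": {"Authorization": basic_auth_header(username, secret)}}


def decode_basic(header: str) -> Tuple[str, str]:
    """Decode a Basic header back to (username, secret). This is exactly what
    anyone on the path sees if TLS is missing."""
    scheme, _, payload = header.partition(" ")
    if scheme != "Basic" or not payload:
        raise ValueError("not a Basic auth header")
    try:
        text = base64.b64decode(payload, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError) as exc:
        raise ValueError("malformed Basic payload") from exc
    user, sep, secret = text.partition(":")
    if not sep or not user:
        raise ValueError("malformed credentials")
    return user, secret


# Constructed credential store for the example only. A real service stores
# password hashes and hashed, individually revocable API tokens, never plaintext.
USERS: Dict[str, Dict[str, object]] = {
    "alice@example.invalid": {
        "password": "correct horse",
        "api_tokens": {"tok_123"},
    },
}


def verify_request(auth_header: str) -> Optional[str]:
    """Server-side check accepting either credential form.
    Returns the authenticated username, or None. hmac.compare_digest is used
    so the comparison time does not reveal how many bytes matched."""
    try:
        user, secret = decode_basic(auth_header)
    except ValueError:
        return None
    record = USERS.get(user)
    presented = secret.encode("utf-8")
    if record is None:
        # Compare against a dummy so unknown users cost about the same time.
        hmac.compare_digest(presented, b"dummy-secret")
        return None
    candidates = [str(record["password"])] + sorted(record["api_tokens"])  # type: ignore[arg-type]
    matched = False
    for candidate in candidates:
        # Bitwise-or keeps every candidate compared regardless of earlier hits.
        matched |= hmac.compare_digest(presented, candidate.encode("utf-8"))
    return user if matched else None


if __name__ == "__main__":
    req = build_request("/bots", "alice@example.invalid", "tok_123")
    print(req["url"], req["headers"])
    print("observer sees:", decode_basic(req["headers"]["Authorization"]))  # type: ignore[index]
    print("server accepts:", verify_request(req["headers"]["Authorization"]))  # type: ignore[index]
```

The client-side check is the part most often skipped: an SDK that follows a redirect from https:// to http://, or a misconfigured base URL, will otherwise hand the credential to the network in the clear. On the server side, keep both forms going through the same constant-time path so that password logins and token logins cannot be distinguished by timing.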

Compliance

SmartBots regards information as a highly valuable asset that must be protected. To maintain a high level of control over security, confidentiality, and availability, we follow ISO 27001 standards, SOC 2 procedures, and GDPR requirements.

SmartBots.ai provides security controls to support customers' PCI DSS and HIPAA compliance, and operates its services in accordance with the requirements of HIPAA and PCI DSS that apply to the service.
