Providing trust and confidence on a global scale

More than 6,500 customers trust Smarsh to protect their most valuable asset

Security and compliance

Smarsh maintains the highest commitment to the security of your data. Our data centers, including those of Azure, AWS and AWS GovCloud, are equipped with strong security controls. All of our data centers are fully redundant, with externally audited SSAE16 SOC 2 reports, floor-to-ceiling walls, key-card biometric readers, and 24-7 surveillance and security. 

At Smarsh, we have organized our security program in compliance with the ISO 27001 standard, which gives us a framework for quality and sustainability. Our ISO 27001 certification demonstrates the continued commitment of Smarsh to information security at every level. It serves as an assurance to our customers that information security management practices are a priority throughout the organization, maintaining confidentiality, integrity, and availability for our customers and their data. Other features of our security and compliance offering include:

  • Secure configuration using industry standard benchmarks
  • Data encryption, both in transit and at rest
  • Authentication, single sign-on and multi-factor identification
  • Proactive performance and security monitoring, including vulnerability management and remediation
  • Regular independent application and network security penetration testing
  • Robust business continuity and disaster recovery programs, including periodic testing for effectiveness
  • Physical and logical data center access restrictions; access is granted only to certain Smarsh employees, with rigorous background checks prior to access
  • The Smarsh Professional Archive successfully underwent an audit for HIPAA / HITECH in 2020
  • All data stored in an immutable, WORM-compliant format to satisfy FINRA, SEC, CFTC, FCA, MiFID II and other regulatory requirements*

    *For specific advice regarding your compliance with laws and regulations applicable to your business, you should consult an attorney


There is no higher priority at Smarsh than the privacy of our customers' data. Unless legally required to do so, or directed by our customers, Smarsh does not share customer data with third parties. Factors relevant to our privacy stance include:

  • Clients have the ability to access and delete their data archived with Smarsh
  • Personal data processed on behalf of clients is retained as long as it is required for the provision of services, or for the length of time requested by our clients
  • Smarsh employs CIPP-trained privacy and security personnel

Patented Technology Leadership

When you choose Smarsh as your technology partner, trust that you are selecting a leader in both patents and industry accolades.

Still have questions?

Talk to our team who will walk you through our partner models and the different options to fit your business.