Security at SmartBear

Your data. Our responsibility. Built-in trust at every layer.

Security is core to everything we build

At SmartBear, security is not an afterthought — it's embedded into how we design, build, and operate our products.

Our customers trust us with their data, their workflows, and their businesses. We honor that trust by maintaining a comprehensive, risk-based security program aligned with industry-recognized standards and continuously evolving to meet emerging threats.

Our security commitment

SmartBear is committed to protecting the confidentiality, integrity, and availability of our products through a mature and independently assessed security program. Our approach includes:

  • Defense-in-depth security controls
  • Transparent and responsible use of AI
  • Privacy by design
  • Continuous monitoring and improvement
  • Independent third-party validation
  • Straightforward customer communication

Security governance & frameworks

SmartBear's security program is governed by a formal Information Security Program and aligns with widely adopted frameworks and standards. Our policies, standards, and controls are reviewed regularly to ensure continued effectiveness and alignment with business objectives.

  • SOC 2: Service Organization Control
  • ISO/IEC 27001: Information Security Management
  • GDPR & CCPA: Global Privacy Regulations
  • NIST CSF: Cybersecurity Framework

Protecting customer data

We apply layered security controls to protect customer data throughout its lifecycle.

Data protection

  • Data is classified and protected based on sensitivity
  • Encryption is used for data in transit and at rest
  • Access to customer data is restricted based on least privilege

Access control

  • Strong authentication and authorization mechanisms are enforced
  • Multi-factor authentication (MFA) is used for administrative and sensitive access
  • Access reviews are conducted periodically

Secure infrastructure

  • Production environments are logically segregated
  • Systems are hardened using secure configuration baselines
  • Vulnerabilities are identified and remediated through continuous scanning and testing

Secure product development

Security is integrated into SmartBear's software development lifecycle. These practices help ensure security risks are identified early and addressed before release.

  • Secure design and architecture reviews
  • Code scanning and dependency analysis
  • Vulnerability management and remediation
  • Controlled change management processes

Monitoring, detection & incident response

SmartBear actively monitors its environments to detect potential security events. In the event of a security incident impacting customer data, SmartBear follows established notification and response processes in accordance with contractual and regulatory requirements.

  • Centralized logging and monitoring are in place
  • Alerts are generated for suspicious or anomalous activity
  • A formal Incident Response Program defines procedures for identification, containment, remediation, and communication

Business continuity & resilience

We maintain business continuity and disaster recovery capabilities to support service availability and operational resilience.

  • Backups are performed regularly and tested
  • Business continuity plans are reviewed and exercised periodically

Third-party & supply chain security

SmartBear evaluates and manages security risks associated with third-party service providers.

  • Vendors are assessed prior to onboarding
  • Security requirements are incorporated into vendor agreements
  • Ongoing security and risk monitoring is performed for critical suppliers

Using AI securely & responsibly

SmartBear recognizes the transformative potential of AI — and the responsibility that comes with it. We continuously assess emerging AI risks and update our controls to ensure AI is used ethically, securely, and in compliance with applicable regulations.

  • Approved AI tools and use cases
  • Restrictions on sharing confidential or customer data with AI systems
  • Oversight by security, legal, and privacy stakeholders
  • Transparency in how AI is used in our products and operations

Security training & awareness

People are a critical part of security.

  • All employees receive regular security awareness training
  • Role-based training is provided for engineers and system administrators
  • Simulated phishing and awareness exercises help reinforce best practices

Compliance & independent assurance

SmartBear undergoes regular independent assessments to validate the effectiveness of our security controls. We believe trust is built through transparency, consistency, and accountability.

Customers can access compliance attestations and security documentation. For deeper technical details, reports, or customer-specific inquiries, please visit our Trust Center or contact your SmartBear representative.
