Security & Data Protection

Last Updated: February 2025

Welcome to the Smart Risk Sheets Security & Data Protection page. We must maintain the confidentiality, integrity, and availability of your risk-related information.

We design Smart Risk Sheets using trusted Google Workspace capabilities, enabling businesses of all sizes to adopt professional-grade risk management without the complexity or cost of enterprise software.

Security Philosophy

Smart Risk Sheets believes that governance and risk data must remain secure, restricted to authorized users, and never exposed to unnecessary third parties. Our solution is built entirely within the Google Workspace ecosystem, leveraging:

✅ Google Sheets as the secure data system.
✅ Google Apps Script securely stored under user ownership.
✅ Google Drive for protected storage.
✅ Google accounts for identity and access.

Users retain full control of where their data lives, who can see it, and whether any integrations are enabled.

Data Ownership and Residency

Smart Risk Sheets does not store, manage, or export your data outside your own Google account. All data remains inside:

• Your Google Sheets
• Your Google Drive storage

Smart Risk Sheets has no backend database or cloud infrastructure that holds customer data. This ensures compliance with corporate data governance models, including regional residency requirements.

No External Access Without Consent

We never access your risk register data without explicit authorization. For support cases where permission is granted, access remains strictly time-limited with a clear audit trail. Users may remove access at any time.

API Key Security (AI Features)

When AI insights are used — such as analytical risk insights from OpenAI — users must provide their own OPENAI_API_KEY, stored in Google Apps Script Script Properties, which provides:

✅ Key is encrypted at rest.
✅ Key is not visible to other spreadsheet users.
✅Key is not stored by Smart Risk Sheets. ✅ Key can be removed or rotated anytime.

Data sent to OpenAI is minimal and controlled by the user. (See AI Transparency Statement)

Access Controls & Permissions)

Smart Risk Sheets leverages the robust Google sharing model:

We strongly recommend granting Editor rights only to trained users.

Automated Formula Protection

To maintain integrity:

✅ Supporting logic sheets hidden by default.
✅ Calculated fields protected from overwriting.
✅ Validations prevent incorrect entries

These safeguards minimize accidental data corruption.

Version History & Recovery

Google Sheets allows customers to:

• Roll back any change at any time.
• Track changes by user.
• Compare versions for audit transparency

These safeguards minimize accidental data corruption.

Third-Party Integrations

Smart Risk Sheets does not sell or share data with third parties. Optional integrations:

We do not integrate with ad networks or analytics tools within the Spreadsheet environment.

Security Vulnerability Reporting

We support proactive security reporting. If you believe you have found a vulnerability:

📩 security@smartrisksheets.com
⏱ Response within 48 hours
✅ Severity-based remediation

Summary Commitment

Smart Risk Sheets is built to help businesses manage their own risks — securely. We commit to the following principles:

✔ You own your data.
✔ We do not mine or resell information.
✔ Transparency in how AI is applied.
✔ Industry-standard protection via Google systems.
✔ Continuous improvements in alignment with ISO & COSO

Get Templates

Powered by
Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
None
Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
None
Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
None
Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
None
Powered by