Industrial-Strength Security

SMS was built to incorporate all security best practices; we’re committed to security transparency with our clients


  • All data is encrypted in transit and at rest
  • All data is processed by a secure API gateway, there are no publicly accessible repositories of any data or media
  • Security guidance comes from 10 years of ISACA IT audit experience
  • Two-Factor authentication (2FA) is built into every deployment of SMS
  • SMS does not require nor store any personally identifiable or financial information
  • Password complexity and expiry rules are definable by each client

Security: Our First Consideration

SMS was built for business, this means we started by understanding the security needs of our corporate partners and ensuring our design of SMS would always meet or exceed these needs. Our experience in IT Audit has taught us that adhering to all best practices, in all facets of our software, is the only option when it comes to building secure systems. This means SMS was designed with the following needs in mind:

  • No data nor any media will ever be stored on a publicly accessible platform
    • All data and media must be housed within a virtual private cloud (VPC) unaccessible from the Internet
  • Client app must enforce all best practices on logical user access including:
    • Minimum password complexity rules
    • Password expiry rules
    • Role-based permissions
    • Brute-force protections
    • 2FA mechanism
  • All data must be encrypted in transit and at rest
  • No personally identifiable or financial information is required or stored
  • Secure RESTful API is the only medium for moving both data and media to the VPC
  • Backups are automated and encrypted within our VPC in multiple regions

We are proud to have built SMS carefully and with a security focus, thus we are always willing to discuss and demonstrate our security details with our clients. Please contact for further enquiries.