Smartsheet Acceptable Use Policy (AUP)

Smartsheet is a cloud-based Project Management and Collaboration Tool. At Martin's Point, this tool is to be used for tasks such as Project Planning, Resource Planning, Dashboards, and allowing collaboration between Smartsheet licensed users and editors (non-licensed) users/project members. When using this tool, please take into consideration license cost to the company and whether you can achieve your goal with standard Microsoft Excel, SharePoint, or other approved applications.

Guidelines for Usage

  1. All created Sheets & Dashboards must be shared with the group: IT Admins for Smartsheet. This is responsibility of each Sheet Owner EVERY time a sheet or dashboard is created.
  2. In accordance with MPHC policy, no credit card or PCI (Payment Card Industry) data will be entered into Smartsheet.
  3. PHI (Protected Health Information) and PII (Personally Identifiable Information) can ONLY be entered into Smartsheet after a review with Legal & Compliance. USFHP/DoD derived data may not, under any circumstances, be entered in Smartsheet.
    1. Submit a Port Ticket for review by Legal & Compliance for any sheet containing (or planning to contain) PHI or PII. The Port ticket is entitled “SmartSheet – PHI Request”. If you are the Sheet Owner and have any question if the information you are entering into Smartsheet abides by the Martin's Point security guidelines, please submit your question (containing no PHI) to the IT Service Desk via the PORT.
    2. For any approved sheet that contains PHI or PII, it is up to the Sheet Owner to appropriately manage permissions so that those who can see the information in the sheet, adhere to the minimum necessary HIPAA guidelines.
  4. For security purposes, attaching any file to Smartsheet is disabled. Please store all project documentation in a LINK/SharePoint site for your specific project.
  5. Any new user request for Smartsheet must be made through The Port.
    1. All licensed users will be entered into Smartsheet with their @martinspoint.org email address by IT.
    2. All collaborative users (non-licensed) will be shared to via their @martinspoint.org email address. Please refer to Vendor Policy IT053 for more information on Vendor Access.
    3. IT administrators must retain permissions to access all sheets.
    4. Routine auditing will occur, and remedial action taken as needed.
  6. For more information on Acceptable Use at Martin's Point, reference policy IT004, the Acceptable Use Policy.
  7. Reviewing and Accepting the Acceptable Use Policy (AUP) will be required annually.