Frequently Asked Questions
Do you have questions about SmartLockr? View the frequently asked questions here - hopefully, these will help you on your way! Is your question not listed? Please contact us and we will be happy to help you.
Is an API (Application Programming Interface) available?
Yes, SmartLockr uses an API. For more information about our API click here.
Does SmartLockr offer web services? REST (JSON) or SOAP XML?
SmartLockr offers a JSON interface with the following functions: creating a channel, creating and uploading an attachment in a message, reading, and deleting the aforementioned items.
Do the web services support authentication using the SAML2.0 or OAUTH protocol?
The authentication of the API is done through the OIDC client credentials flow.
Can data be read or loaded via a web service using e.g. parameters?
Yes, that's possible.
Does SmartLockr support web services for Remote Portlets (WSRP)?
No, there is no support for Remote Portlets (WSRP).
Can users be automatically created based on a web service?
That depends on the extent to which this is necessary in combination with Active Directory Integration.
Can users be automatically mutated based on a web service?
That depends on the extent to which this is necessary in combination with Active Directory Integration.
Can any organizational structure available for reporting purposes be automatically maintained via a data link?
No, that is not possible.
Can SmartLockr be linked to systems such as source systems, from which (automatically) messages can be sent or systems for archiving?
Yes, this can be done in several ways. SmartLockr stores sent emails in the "sent items", so they are archived in the normal way. In addition, SmartLockr has an SMTP Relay Service, which can relay e-mail traffic via the SmartLockr environment and there is a SmartLockr API.
Is there an integration with Outlook (desktop), Office 365 and future versions thereof for the duration of the agreement? Both for the office workplaces and the Citrix workplaces?
Yes, these integrations are made possible. This applies to both the desk workstations and, for example, the Citrix workstations.
Is the application stable and does it work well? That is, does it meet the indicative requirement of 99.7% availability, on an annual basis excluding scheduled maintenance?
SmartLockr guarantees a minimum availability of 99.95%. In the past year, this was 99.98%.
Is performance monitoring present in the application?
SmartLockr uses Microsoft Application Insights, this information is not visible to customers.
How does backup take place?
The SmartLockr database supports Point-in-time Restore, through automating full backups, differential backups and transaction log backups.
Full database backups are made weekly, differential database backups typically every 12 hours, and transaction log backups generally every 5-10 minutes.
The frequency is based on the calculation size as well as the amount of database activity.
What are Recovery Point Objective (RPO) and Recovery Time Objective (RTO) times?
RTO is 1 hour, RPO is 5 seconds based on automatic recovery of Azure SQL databases: https://docs.microsoft.com/en-gb/azure/azure-sql/database/business-continuity-high-availability-disaster-recover-hadr-overview
What does the recovery plan look like? In the case of a multi-tenant device: In which place / sequence is the SPZ environment restored in the event of a crash / disaster?
Recovery is done automatically by the Business Continuity features of the Microsoft Azure platform: https://docs.microsoft.com/en-gb/azure/azure-sql/database/business-continuity-high-availability-disaster-recover-hadr-overview
End users do not have direct access to databases. Is access always indirect via the application?
Yes.
Can an individual be part of multiple roles/groups, which are possible in multiple combinations?
Yes, sender, recipient and/or administrator.
Can a user (manager) authorize a substitute himself?
Yes, this is possible in Exchange or Office 365.
Can authorizations be set separately for functionality and for data?
Yes, on functionality this is done by means of GPO and the administrator portal.
On data, this is done on the basis of access to a mailbox and adding a person to a portal.
Is the user interface adaptable based on the authorization profile?
Yes, that is partially possible.
Does the system provide an overview of the authorization settings per user?
Yes, but depends on how this is configured through GPO.
Does the system provide an overview of the authorization settings per group/role?
Yes, but depends on how this is configured through GPO.
Can the product use the roles/groups as assigned to a user in the AD?
Yes, that is possible.
Can authorizations be set by means of a web service/data link? In other words based on a delivery of data from another system.
Yes, if everything is configured via Active Directory.
Access
Is there an initial password?
There is an SSO integration with (Azure) Active Directory.
Does the application support Single Sign On (SSO) for end-user access?
Yes, SmartLockr supports SSO. You as an organization can decide for yourself whether this will be used.
Will the solution be linked to the municipality's Active Directory to enable SSO (ADFS).
Yes, SmartLockr has an integration with ADFS. This makes SSO easy to establish. This reduces the chance of errors when logging in and is therefore safe to use.
How does SmartLockr keep me the “owner” of the information in the email I send?
This is a question we often get. We understand the question as follows. If you send confidential information via a secure email, then you want to have the confidence that we will not (be able to) read the content of the email and with that information do things that may be detrimental to you. That's clear.
As indicated in other answers on this FAQ page, SmartLockr applies so-called "zero knowledge end-to-end encryption" and does not have the encryption key. This means that we are unable to read our saved email. You can delete the saved email yourself through the Admin Portal. So you have complete control and therefore remain the "owner" of the email stored with us.
Regulations and Compliancy
Does the application support the end user's two-factor authentication?
Every user has to log in once by means of two-factor authentication. The moment a recipient receives health information from your organization, they must also authenticate themselves once via 2FA.
Does the product support Security Assertion Markup Language (SAML 2.0) for SSO?
SmartLockr integrates with (Azure) Active Directory: other SSO integrations can be made from here.
Which security requirements does SmartLockr meet and which certificates have been obtained?
SmartLockr is ISO 27001: 2017, NEN 7510-01: 2017 and NTA 7516: 2019 certified .
Does SmartLockr agree to a processor agreement?
No. We only process personal data as processing manager. For that personal information, see our Privacy Statement.
But what about the sent email stored within the SmartLockr environment? Are you a processor for that saved email?
To be a processor, the data you process must be personal data. Personal data is all data about an identified or identifiable natural person. A natural person who can be identified directly or indirectly is considered to be identifiable. When storing sent e-mail, we apply so-called "zero knowledge end-to-end encryption". The email is fully encrypted for us and we do not have the encryption key. As a result, we do not have access to the e-mail. Because we do not have access to the email, we do not know and cannot know what is in the email and that information is passed on to the sender or recipient.
As a result, the stored email for SmartLockr is not personal data. If the emails for SmartLockr are not personal, then we are not a processor. Without a processor status, a processor agreement is not required.
Messages must not be intercepted while en route. What is the appropriate encryption in accordance with GDPR Article 32?
All connections to and from the SmartLockr platform are secured with TLS1.2 connections. Some strong encryption algorithms are used here.
Information must be highly encrypted, without access through the supplier. What is the appropriate encryption in accordance with GDPR Article 32?
SmartLockr cannot access the data, because everything is zero-knowledge end-to-end encrypted.
What are the "appropriate technical measures" to protect sensitive information?
Every time our system detects sensitive data, the user gets a notification or the 2FA becomes mandatory (to be determined by the administrator in the admin portal of their choice).
What solution does SmartLockr have for sending the wrong file accidentally?
We do this by means of verification screens, code words, Machine Learning and Artificial Intelligence. Every time our system dictates sensitive data, the user receives a notification or the encryption becomes mandatory (to be configured according to your own choice).
How are employees stimulated to achieve a high level of adoption and support?
Every time our system detects sensitive data, the user gets a notification or the 2FA becomes mandatory (to be determined by the administrator in the admin portal of their choice).
Are the results of SmartLockr's technical reviews and penetration tests available?
Yes, reports can be shared on request.
Which specific requirements of the NTA7615 standard are met? For which requirements is the product certified or when is the product certified?
SmartLockr is NTA 7516 certified, for all 17 principles that apply to suppliers. This means that as an organization you still have to meet 2 points in order to be fully covered for the basic principles. Although SmartLockr cannot directly arrange the other 2 points for your organization, we can help to meet these points as well.
Storage and archiving
Does SmartLockr always store security information with encryption?
Yes, everything is encrypted, sent encrypted and stored encrypted.
Is data encryption used for the data at rest? What does the key management look like, how is this secured? How can you access this?
SmartLockr uses Zero Knowledge End-to-end encryption and therefore does not store the key.
Is data loss/leakage prevention applied mechanically in the solution? If so, how is this and can I apply the policy?
Yes, this can be set through filters in the SmartLockr administrator environment.
Will all data remain within the EU? If so, where is data stored?
In the Azure Datacenter in Amsterdam, with a backup in Dublin (Ireland).
Does SmartLockr provide for the handling of operational data and the archiving thereof, with the minimum legal retention periods?
Yes, SmartLockr does.
Can data of an individual be easily exported within the application in the context of data portability?
Yes, it can.
Can data of an individual be easily deleted within the application in the context of the right to be forgotten?
Yes, it can.
Can all relevant data be downloaded for storage in its own archive - in a readable format?
Yes, it can.
Are tablets and smartphones supported for end-users?
Yes, any device can be used to use SmartLockr.
Does the mobile version offer the same functionality for an end-user?
Our goal is to prevent data leaks. This means that we take into account the use of our service on different devices. We think user-friendliness is very important.
That is why the functionalities on a mobile differ from those of, for example, the plug-in, because we take ease of use into account. This allows us to guarantee the high level of security that you are used to from the plug-in or the OWA.
What data is stored on the mobile device, for how long and is it stored locally?
No data is saved.
Does SmartLockr offer web access on a mobile device and is the web version optimized for mobile viewing?
Yes, that is possible.
Does SmartLockr offer a native app?
Yes, SmartLockr has a responsive web app.
Does the application provide a complete documentation set including the part: Configuration of the application components/subsystems?
Yes, SmartLockr is delivered complete.
Does the application provide a complete documentation set including the section: Web services/interface reference (if relevant)?
Yes, SmartLockr is delivered complete.
Does the application provide a complete documentation set including the section: Administration operations (Administrators manual)?
Yes, SmartLockr is delivered complete.
Can management remain within my own organization?
Yes, as an organization you retain control yourself.
Can the audit trail be consulted in the application?
Yes, via the administrator portal.
Is there an error / error log in the application?
All functions are provided with try-catch blocks so that every error in the application is logged. These logs can be securely shared with us from within the application.
Who can I contact as an administrator for functional and technical questions?
Our support team is available every working day to assist your administrators.
Do users need to be created within the application?
Users can be created through a link with Azure AD or ADFS.
Is it possible to set up authorizations at role / group level?
Access to SmartLockr is possible at user and group level, certain settings too. This can be done through the management environment and GPO settings.
Send large files
Is it possible to securely exchange large files?
Yes, you can use secure upload requests, secure upload portals and SmartLockr also offers the option to send a "secure message" or "secure file".
What is the maximum file size when sending attachments?
With Smartlockr one can exchange very large files. The maximum is 5TB per document. The speed of the system does not decrease while large files are being sent.
Are there limitations when sending or receiving certain file types (word, excel, csv, PDF, jpeg etc?)
No, every accessible format can be shared.
Can I safely request files from an external party, regardless of the systems used by this party?
With Smartlockr one can send upload requests in order to safely share files, one can also create upload portals on which relations and customers can share files with your organization in a safe manner.
Can I see whether a file has been opened or whether a link has been clicked on?
To see whether a data leak has occurred, we believe it is of utmost importance that communication is traceable and thus the user can see whether the email has been opened and whether the file has been downloaded.
Do I have insight into what has been shared with me, by whom and when?
SmartLockr archives all emails neatly in the Sent items.
Is it possible to share files with the same rights simultaneously, in which the file format can differ per document?
The user can share multiple files simultaneously with different file formats.
Is it possible to share a file with multiple people simultaneously, in which the recipients cannot see information from each other?
SmartLockr encrypts the entire message, including meta data such as on cc and bcc. This information is therefore not visible for anyone.
Is it possible to safely share through Outlook, with the so-called "drag and drop"?
Smartlockr seamlessly integrates into Outlook thus ensuring perfect sharing within Outlook.
Can I withdraw wrongly sent messages and gain insight into whether these have already been read?
With Smartlockr already sent messages can be blocked entirely, this is the case for other documents and recipients as well. This function concerns the user and the administrator too.
User-friendliness
Is SmartLockr easy to use for both the sender and the recipient?
Safety is one, but user-friendliness for the sender as well as the recipient is just as important. Smartlockr does not change anything about the work process of the sender or the recipient.
How does SmartLockr help the user handle sensitive information consciously, to prevent data leaks?
Data leaks are prevented by creating awareness among the user. We do this through verification screens, code words, Machine Learning and Artificial Intelligence. Every time our system detects sensitive data, the user receives a notification or the encryption becomes compulsory (can be adjusted according to your own preferences).
Is it possible for the user to send, receive and respond to secure e-mail from Outlook in a "secure conversation"?
Yes that is possible. SmartLockr offers several secure options for sending messages. Responses from this will be sent within the secure environment of SmartLockr. In this way, safe conversations are established and people continue to communicate safely.
How does SmartLockr adhere to article 39 of the GDPR: "increasing awareness"?
Data leaks are prevented by creating awareness among the user. We do this through verification screens, code words, Machine Learning and Artificial Intelligence. Every time our system detects sensitive data, the user receives a notification or the encryption becomes compulsory (can be adjusted according to your own preferences).
To what extent is the work process of our employees changed with the use of SmartLockr?
Because SmartLockr seamlessly integrates into Outlook, any adjustment to the work process is kept to its minimum.
Which actions are necessary when sending with two-factor-authentication?
To ensure this does not require too many actions or lead to irritation, Smartlockr makes use of Single Sign-on. This means that the sender as well as the recipient has to authorize a single time with two factors.
NTA7516 compliant recipients do not require another authentification, similarly to internal recipients (can do so). In order to send to external contacts, a telephone number has to be filled in by the sender.
Is 2-factor authentication via SMS possible? Are the telephone numbers displayed anonymously when using them?
Yes, that is possible. The telephone numbers are also displayed anonymously.
Can a digital signature be sent alongside it?
Yes, this is sent alongside with the e-mail in the same way it would without Smartlockr.
How easy is it for employees to read encrypted messages?
Employees can read incoming encrypted messages normally from their own inbox.
Is there support for functional inboxes via delegations to employees, including insight into which employee works from this inbox?
SmartLockr offers the product via a licensing model. A license goes per named user and functional mailboxes are free.
Can the user see whether a sent e-mail has been opened and can this e-mail be withdrawn with certainty, even if it was sent within the secure "NTA 7516 chain"?
Yes, the user can see whether a sent e-mail has been opened and can independently withdraw an e-mail with certainty, even if it has been sent within the secure "NTA 7516 chain". With the "tracking & blocking" function you can follow the sending status of an email.
Convenience for recipients
To what extent is the work process of the receiving parties affected by the use of SmartLockr?
When the recipient has been verified once (2FA), they will experience no changes in the work process.
Can non-SmartLockr users easily read messages and download files?
Yes, this is possible. It is of course very important that privacy-sensitive data is sent with optimal security. To ensure that this does not lead to many extra actions and irritation, SmartLockr uses Single Sign-on. This means that both sender and receiver only need to authenticate once with two factors. After that it will no longer be necessary.
NTA 7516 compliant recipients do not need to authenticate themselves (again), just like internal recipients (allowed). In order to send something to external contacts, a phone number must be entered by the sender.
Can guests respond to messages and send files (back)?
When an email arrives at the recipient, it can easily be replied to. This can be done in precisely the same manner as one would with regular Outlook email.
Can guests download messages for archiving and/or for use within their own email domain?
Messages can be archived with the single press of a button.
Communication often originates from the initiative of third parties. Can third parties easily seek contact in a safe manner?
Through the present communication portals, it is easy to make safe and secure contact, on one's own initiative.
Security options
How is the user assisted in deciding whether or not to email securely?
The user is assisted proactively. This is done by, among other things, recognizing sensitive personal data. Both data in the e-mail and attachments must be able to be scanned.
Is it clear for a user to see which mail is protected and which is not?
Yes, with SmartLockr there are several ways to send a secure message. This can be done with one or two factor authentication. In both cases, the recipient opens the received files / messages within the secure portals of SmartLockr.
Can I choose which application I use for secure emailing? For example: Outlook or Thunderbird?
Yes, this is possible. For awareness Outlook is often used. For an application without awareness there are other email-clients available through the SmartLockr Secure SMTP Relay Service.
How can mails safely be sent through webmail?
Next to the Outlook Client plug-in, SmartLockr also has a Web Add-on, to ensure webmail can be sent securely as well.
As an administrator, who can I contact for functional and technical questions?
Our support team is available every business day to be of service to your administrators.
How easily can employees opt for safety, in accordance with article 25 of the GDPR "Data protection by default"?
An admin can make these adjustments with SmartLockr. The admin can either allow a user the option or force it.
Can previous 2FA choices be reused and can these be shared between colleagues?
SmartLockr remembers the choice of the employee and can share this too.
Is it possible with this solution to e-mail securely outside of the municipal network?
Yes, SmartLockr is NTA 7516 certified and has taken measures to ensure secure communication outside the chain.
Are newly created functionalities made available (to the municipality) during the contract period?
Yes, new functionalities are part of our Intelligent Data Protection Platform. Our platform is constantly evolving and with that we want to help our customers permanently prevent data leaks. Developments contribute to our long-term vision.
In which areas does the product set itself apart in the market?
SmartLockr focuses on user-friendliness and awareness, unlike other suppliers in the market. Human error remains the main cause of data leaks and we want to prevent that in a safe and simple way. If your employees can work with the solution, then the most important security factors in your organization are secure.
Get in touch
Is your question not listed or do you want to receive more information about a specific topic?