At Shuttlerock we lead with a security-first mindset. This combined with world-class cloud services enables Shuttlerock to stay ahead of the competition and deliver highly secure, reliable CaaS services to our clients.
The Shuttlerock Trust Center provides the latest information on our approach to security, privacy and compliance.
Partnered with the world’s leading digital platforms
Technical Security
At Shuttlerock we use a wide range of techniques and tools to ensure client data and privacy is protected at all times. Measures include the following:
Secure AWS Hosting
ShuttlerockCloud production servers are hosted on Amazon Web Services (AWS). The servers are located in Ireland with redundancies in Germany.
Encryption
AWS encrypts ShuttlerockCloud data at rest and uses TLS 1.2 on AWS CloudFront during transit. Endpoint devices are encrypted locally.
SOC 2
Shuttlerock is independently audited against the SOC 2 framework annually. The most recent report was issued December 11th, 2023, and was for the observation period: October 1st, 2022 – September 30th, 2023.
High Availability
To ensure redundancy our servers are located in geographically diverse locations. Any scheduled maintenance or planned downtime is announced ahead of time.
Subscribe here for updates.
https://status.shuttlerock.com
Backups & DLP
Shuttlerock back up client data daily and can be recovered in the event of system failure. We also use Data Loss Prevention tools across several systems to further protect our client information.
Endpoint MDM
Shuttlerock uses mobile device management systems to manage staff endpoint devices. Google GCPW for Windows devices and Kandji for Apple devices. Vanta is deployed to monitor our organisational and technical compliance.
Vulnerability
Testing
Shuttlerock applications are penetration tested by third-party companies on an annual basis. This helps to identify and remove any exploitable vulnerabilities and reduces the risk of data breaches and security incidents.
Organisational Security
At Shuttlerock we believe that ‘Security is everyone's responsibility’. Because of this, we have built a strong culture around education and processes. This ensures staff are aware of the correct procedures and the reason behind why they are important.
Staff Security Training
All Shuttlerock staff complete extensive online security awareness and GDPR training. This is renewed annually and is a major part of the onboarding process.
Password Management
Shuttlerock staff are provided with a centrally managed password manager. This improves password complexity and encrypts system login details. The 2FA feature is used to secure shared vault authentication.
Zero Trust Access
Access to systems, applications and services is managed centrally and approved prior. Roles and permissions are used where possible. Regular access audits are conducted.
Background Checks
Third-party background employment checks are performed on key employees that have elevated privileges. Checks involve looking into references, previous employment and history.
Dedicated Security
Our dedicated IT security team oversee the digital environment and work closely with staff to ensure we are secure by design and compliant with our IT frameworks. We have an appointed DPO and Data Security Management Team.
Physical Security
Our offices and studios have a range of access control systems (key tags, fingerprint scanners). We implement visitor management systems through Envoy. CCTV is in each office. Access to networking infrastructure is secured and limited.
Shuttlerock uses the Crowdstrike Falcon EDR system to protect our Windows based computer fleet from malicious and unwanted programs. We use the Kandji EDR system to carry out the same task on our fleet of Apple computers.
Security Resources
Below are several useful security-related request forms, documents and policies. If you don’t see what you require, or need more information please contact us at security@shuttlerock.com
Bug Bounty
Data security is a top priority for Shuttlerock. We run an in-house Bug Bounty program.
If you believe you’ve discovered a potential vulnerability, follow the link below for more information.
Sub Processors
All sub-processors are assessed for risk before use. Shuttlerock maintains an up-to-date list of the names, locations and processing activities of sub-processors.
GDPR PII Removal Request
If you require your PII data to be removed from our systems, email your information to security@shuttlerock.com
We need your name and email address. Once removed you will receive confirmation.
SOC 2 Report
To request a copy of the latest SOC 2 Type II audit report, or to ask any questions about our audit accreditation, please submit your request to security@shuttlerock.com
Policies
The following links are to key security policies and guidelines.
Get In Touch
Ready to get started? Want to learn more?
Get in touch with Shuttlerock today.
General IT Security
security@shuttlerock.com