At Shuttlerock we lead with a security-first mindset. This combined with world-class cloud services enables Shuttlerock to stay ahead of the competition and deliver highly secure, reliable CaaS services to our clients.
The Shuttlerock Trust Center provides the latest information on our approach to security, privacy and compliance.
Partnered with the world’s leading digital platforms
At Shuttlerock we use a wide range of techniques and tools to ensure client data and privacy is protected at all times. Measures include the following:
Secure AWS Hosting
ShuttlerockCloud production servers are hosted on Amazon Web Services (AWS). The servers are located in Ireland with redundancies in Germany.
AWS encrypts ShuttlerockCloud data at rest and uses TLS 1.2 on AWS CloudFront during transit. Endpoint devices are encrypted locally.
ShuttlerockCloud is running on AWS virtual servers that have been validated as being compliant with SOC 2 security practices.
To ensure redundancy our servers are located in geographically diverse locations. Any scheduled maintenance or planned downtime is announced ahead of time.
Subscribe here for updates.
Backups & DLP
Shuttlerock back up client data daily and can be recovered in the event of system failure. We also use Data Loss Prevention tools across several systems to further protect our client information.
Shuttlerock uses mobile device management systems to manage staff endpoint devices. Google GCPW for Windows devices and Kandji for Apple devices. Vanta is deployed to monitor our organisational and technical compliance.
Shuttlerock applications are penetration tested by third-party companies on an annual basis. This helps to identify and remove any exploitable vulnerabilities and reduces the risk of data breaches and security incidents.
At Shuttlerock we believe that ‘Security is everyone's responsibility’. Because of this, we have built a strong culture around education and processes. This ensures staff are aware of the correct procedures and the reason behind why they are important.
Staff Security Training
All Shuttlerock staff complete extensive online security awareness and GDPR training. This is renewed annually and is a major part of the onboarding process.
Shuttlerock staff are provided with a centrally managed password manager. This improves password complexity and encrypts system login details. The 2FA feature is used to secure shared vault authentication.
Zero Trust Access
Access to systems, applications and services is managed centrally and approved prior. Roles and permissions are used where possible. Regular access audits are conducted.
Third-party background employment checks are performed on key employees that have elevated privileges. Checks involve looking into references, previous employment and history.
Our dedicated IT security team oversee the digital environment and work closely with staff to ensure we are secure by design and compliant with our IT frameworks. We have an appointed DPO and Data Security Management Team.
Our offices and studios have a range of access control systems (key tags, fingerprint scanners). We implement visitor management systems through Envoy. CCTV is in each office. Access to networking infrastructure is secured and limited.
Shuttlerock uses the Crowdstrike Falcon EDR system to protect our Windows based computer fleet from malicious and unwanted programs. We use the Kandji EDR system to carry out the same task on our fleet of Apple computers.
Below are several useful security-related request forms, documents and policies. If you don’t see what you require, or need more information please contact us at firstname.lastname@example.org
Data security is a top priority for Shuttlerock. We run an in-house Bug Bounty program.
If you believe you’ve discovered a potential vulnerability, follow the link below for more information.
All sub-processors are assessed for risk before use. Shuttlerock maintains an up-to-date list of the names, locations and processing activities of sub-processors.
GDPR PII Removal Request
If you require your PII data to be removed from our systems, email your information to email@example.com
We need your name and email address. Once removed you will receive confirmation.
The following links are to key security policies and guidelines.
Get In Touch