top of page
Frame 3.png
Security Trust Center.png

At Shuttlerock we lead with a security-first mindset. This combined with world-class cloud services enables Shuttlerock to stay ahead of the competition and deliver highly secure, reliable CaaS services to our clients.

The Shuttlerock Trust Center provides the latest information on our approach to security, privacy and compliance.

aicpa.png

Shuttlerock is audited by an independent third-party firm against the SOC 2 compliance standard. This is completed annually.

To learn more about SOC 2, or to request a copy of our latest audit report click the link below.

gdpr.png

As Shuttlerock has grown, our focus on protecting the data and privacy of all users has remained our highest priority.

To see how Shuttlerock complies with the General Data Privacy Regulation (GDPR) click the link below.

privacy mark.png

Shuttlerock Japan is a PrivacyMark licensed business operator.

The PrivacyMark System is set up to assess private enterprises that take appropriate measures to protect personal information. The system is compliant with Japanese Industrial standards.

Partnered with the world’s leading digital platforms
meta bp.png
_google_MP_colour.png
_youtube_MP_colour.png
pinterest.png
_tiiktok_MP_colour.png
hulu_logo.png
03_BlackBlue_Partner.png
_snapchat_MP_logo.png
amazon_ads.png

Technical Security

At Shuttlerock we use a wide range of techniques and tools to ensure client data and privacy is protected at all times. Measures include the following:

earth.png

Secure AWS Hosting

ShuttlerockCloud production servers are hosted on Amazon Web Services (AWS). The servers are located in Ireland with redundancies in Germany.

 
 
lock.png

Encryption

AWS encrypts ShuttlerockCloud data at rest and uses TLS 1.2 on AWS CloudFront during transit. Endpoint devices are encrypted locally.

 
coin.png

SOC 2

Shuttlerock is independently audited against the SOC 2 framework annually. The most recent report was issued December 11th, 2023, and was for the observation period: October 1st, 2022 – September 30th, 2023.

daynight.png

High Availability

To ensure redundancy our servers are located in geographically diverse locations. Any scheduled maintenance or planned downtime is announced ahead of time.

 

Subscribe here for updates.
https://status.shuttlerock.com

revise.png

Backups & DLP

Shuttlerock back up client data daily and can be recovered in the event of system failure. We also use Data Loss Prevention tools across several systems to further protect our client information.

 
touch.png

Endpoint MDM

Shuttlerock uses mobile device management systems to manage staff endpoint devices. Google GCPW for Windows devices and Kandji for Apple devices. Vanta is deployed to monitor our organisational and technical compliance.

 
Frame 8 (3).png

Vulnerability
Testing

Shuttlerock applications are penetration tested by third-party companies on an annual basis. This helps to identify and remove any exploitable vulnerabilities and reduces the risk of data breaches and security incidents.

Organisational Security

At Shuttlerock we believe that ‘Security is everyone's responsibility’. Because of this, we have built a strong culture around education and processes. This ensures staff are aware of the correct procedures and the reason behind why they are important.

edu.png

Staff Security Training

All Shuttlerock staff complete extensive online security awareness and GDPR training. This is renewed annually and is a major part of the onboarding process.

password.png

Password Management

Shuttlerock staff are provided with a centrally managed password manager. This improves password complexity and encrypts system login details. The 2FA feature is used to secure shared vault authentication.

trust.png

Zero Trust Access

Access to systems, applications and services is managed centrally and approved prior. Roles and permissions are used where possible. Regular access audits are conducted.

eye.png

Background Checks

Third-party background employment checks are performed on key employees that have elevated privileges. Checks involve looking into references, previous employment and history.

community.png

Dedicated Security

Our dedicated IT security team oversee the digital environment and work closely with staff to ensure we are secure by design and compliant with our IT frameworks. We have an appointed DPO and Data Security Management Team.

bar.png

Physical Security

Our offices and studios have a range of access control systems (key tags, fingerprint scanners). We implement visitor management systems through Envoy. CCTV is in each office. Access to networking infrastructure is secured and limited.

Endpoint Detection and Response 1.png
Endpoint Detection and Response 2.png

Shuttlerock uses the Crowdstrike Falcon EDR system to protect our Windows based computer fleet from malicious and unwanted programs. We use the Kandji EDR system to carry out the same task on our fleet of Apple computers.

Security Resources

Below are several useful security-related request forms, documents and policies. If you don’t see what you require, or need more information please contact us at security@shuttlerock.com

box.png

Bug Bounty

Data security is a top priority for Shuttlerock. We run an in-house Bug Bounty program.


If you believe you’ve discovered a potential vulnerability, follow the link below for more information.

sub.png

Sub Processors

All sub-processors are assessed for risk before use. Shuttlerock maintains an up-to-date list of the names, locations and processing activities of sub-processors.

chat.png

GDPR PII Removal Request

If you require your PII data to be removed from our systems, email your information to security@shuttlerock.com


We need your name and email address. Once removed you will receive confirmation.

report.png

SOC 2 Report

To request a copy of the latest SOC 2 Type II audit report, or to ask any questions about our audit accreditation, please submit your request to security@shuttlerock.com

policy.png

Policies

The following links are to key security policies and guidelines.

studio-bg-overlay-50.png

Get In Touch

Ready to get started? Want to learn more?
Get in touch with Shuttlerock today.

General IT Security
security@shuttlerock.com

 

Data Security Enquiries

data.security@shuttlerock.com

 

Privacy/GDPR Enquiries

privacy@shuttlerock.com

 

Data Protection Officer - Shaun Heath

shaun.heath@shuttlerock.com

 
bottom of page