top of page
header.png

Security Trust Center

At Shuttlerock we lead with a security-first mindset. This combined with world-class services 
enables Shuttlerock to stay ahead of the competition and deliver highly secure, reliable CaaS services to our clients.
The Shuttlerock Trust Center provides the latest information on our approach to security, privacy and compliance.

aicpa.png

Shuttlerock is audited by an independent third-party firm against the SOC 2 compliance standard. This is completed annually.

To learn more about SOC 2, or to request a copy of our latest audit report click the link below.

gdpr.png

As Shuttlerock has grown, our focus on protecting the data and privacy of all users has remained our highest priority.

To see how Shuttlerock complies with the General Data Privacy Regulation (GDPR) click the link below.

PNG_GDPR 1.png

Shuttlerock Japan is a PrivacyMark licensed business operator.

The PrivacyMark System is set up to assess private enterprises that take appropriate measures to protect personal information. The system is compliant with Japanese Industrial standards.

Trusted platform partners

Technical
Security

At Shuttlerock, we use a wide range of techniques and tools to ensure client data and privacy is protected at all times. Measures include the following:

Secure AWS Hosting

Shuttlerock production services are hosted on Amazon Web Services (AWS). The servers are located in Ireland with redundancies in Germany.

Encryption

AWS encrypts ShuttlerockCloud data at rest and uses TLS 1.2 on AWS CloudFront during transit. Endpoint devices are encrypted locally.

SOC 2

Shuttlerock is independently audited against the SOC 2 framework annually. The most recent report was issued December 11th, 2023, and was for the observation period: October 1st, 2022 – September 30th, 2023.

High Availability

To ensure redundancy our servers are located in geographically diverse locations. Any scheduled maintenance or planned downtime is announced ahead of time. Subscribe here for updates.
https://status.shuttlerock.com

Backups & DLP

Shuttlerock backup client data daily and can be recovered in the event of system failure. We also use Data Loss Prevention tools across several systems to further protect our client information.

Endpoint MDM

Shuttlerock uses mobile device management systems to manage staff endpoint devices. Google GCPW for Windows devices and Kandji for Apple devices. Vanta is deployed to monitor our organisational and technical compliance.

vulnerability.png

Vulnerability
Testing

Shuttlerock applications are penetration tested by third-party companies on an annual basis. This helps to identify and remove any exploitable vulnerabilities and reduces the risk of data breaches and security incidents.

Organisational
Security

Staff Security Training

All Shuttlerock staff complete extensive online security awareness and GDPR training. This is renewed annually and is a major part of the onboarding process.

At Shuttlerock we believe that ‘Security is everyone's responsibility’. Because of this, we have built a strong culture around education and processes. This ensures staff are aware of the correct procedures and the reason behind why they are important.

Password Management

Shuttlerock staff are provided with a centrally managed password manager. This improves password complexity and encrypts system login details. The 2FA feature is used to secure shared vault authentication.

Zero Trust Access

Access to systems, applications and services is managed centrally and approved prior. Roles and permissions are used where possible. Regular access audits are conducted.

Background Checks

Third-party background employment checks are performed on key employees that have elevated privileges. Checks involve looking into references, previous employment and history.

Dedicated Security

Our dedicated IT security team oversee the digital environment and work closely with staff to ensure we are secure by design and compliant with our IT frameworks. We have an appointed DPO and Data Security Management Team.

Physical Security

Our offices and studios have a range of access control systems (key tags, fingerprint scanners). We implement visitor management systems through Envoy. CCTV is in each office. Access to networking infrastructure is secured and limited.

endpoint.png

Endpoint
Detection
and Response

Shuttlerock uses the Crowdstrike Falcon EDR system to protect our Windows based computer fleet from malicious and unwanted programs. 
We use the Kandji EDR system to carry out the same task on our fleet of Apple computers.

Security
Resources

Below are several useful security-related request forms, documents and policies. If you don’t see what you require, or need more information please contact us at security@shuttlerock.com

Bug Bounty

Data security is a top priority for Shuttlerock. We run an in-house Bug Bounty program.

If you believe you’ve discovered a potential vulnerability, follow the link below for more information.

GDPR PII Removal Request

If you require your PII data to be removed from our systems, email your information to security@shuttlerock.com
We need your name and email address. Once removed you will receive confirmation.

SOC 2 Report

To request a copy of the latest SOC 2 Type II audit report, please visit trust.shuttlerock.com, or to ask any questions about our audit accreditation, please email security@shuttlerock.com

Sub Processors

All sub-processors are assessed for risk before use. Shuttlerock maintains an up-to-date list of the names, locations and processing activities of sub-processors.

Policies

The following links are to key security policies and guidelines.

footer.png

Get in Touch

Ready to get started? Want to learn more? Get in touch with Shuttlerock today.

General IT Security
security@shuttlerock.com

 

Data Security Enquiries

data.security@shuttlerock.com

 

Privacy/GDPR Enquiries

privacy@shuttlerock.com

 

Data Protection Officer - Shaun Heath

shaun.heath@shuttlerock.com

 
bottom of page