Elements Data Security and Compliance

Data holding; ISO27001; Data security; How Elements use my data; Where is my data stored; What does Elements do with my data

Ksawery Lisinski avatar
Written by Ksawery Lisinski
Updated over a week ago

Digital age and 4th industrial revolution come with a whole new spectrum of dangers, especially online. Let us tell you more about how we protect you and your data, and what form does our compliance take in alignment with world renowned regulators.

Article outline

  • Prerequisites

  • Engineered for enterprise

  • Data center compliance

  • Penetration and vulnerability testing

  • Customer penetration and vulnerability testing

  • You might be also interested in

Prerequisites

  • Understanding of data security policies

Engineered for the Enterprise

Elements has been built from the ground up with the security and integrity of your data as paramount. We use industry best practice to deliver a software and security infrastructure that provides an extremely scalable and reliable platform for our customers.

You can download the document, which is summarised below.

Data Centre Compliance

We use the industry-leading Amazon Web Services (AWS) data centers, which are considered to be the world’s best by industry analyst firm Forrester. They provide a broad set of capabilities in terms of data center security, network security, and a significant number of certifications. This level of data center and operational security allows us to be compliant with many of the most stringent industry standards.

We also comply with the US & EU Safe Harbor Frameworks for protecting the privacy of data flowing from the EU to the United States, as set forth by the US Department of Commerce. In providing our Service, we do not own, control or direct the use of the information stored or processed on our platform at the direction of our customers. In fact, we are largely unaware of what information is being stored on our platform, and only access such information as authorized by our customers or as required by law.

Only you or your customers are entitled to access, retrieve and direct the use of such information. As such, we are only the “data processors” and "not the data controllers” of the information on our platform for purposes of the EU Directive on Data Protection (Directive 95/46/EC).

To learn more about the Safe Harbor program

Penetration and Vulnerability Testing

We take data security very seriously and proactively monitor and test the network, data center infrastructure, and application. The IT operations team constantly monitors the AWS environment using CloudWatch alarms, and the DevOps team monitors the application performance and behaviour using a range of monitoring tools.

We undergo monthly (or more frequent if a system configuration change has occurred) network perimeter and web application vulnerability scanning, using leading third party providers. The scans are designed to preemptively notify us of any potential vulnerabilities.

Customer penetration and vulnerability testing

If a customer wishes to do their own penetration test and security vulnerability scan, this can be requested. A specific fee will be charged for this service. Since penetration tests are often indistinguishable from network attacks, all customer-initiated tests must have permission requested and granted in writing by our technical staff prior to being run.

You might be also interested in

List of supported internet browsers - check what browser complies with Elements best

Did this answer your question?