Engineered for the Enterprise
Elements Catalyst has been built from the ground up with the security and integrity of your data as paramount. We use industry best practice to deliver a software and security infrastructure that provides an extremely scalable and reliable platform for our customers.
You can download the document which is summarised below.
Data Centre Compliance
We use the industry-leading Amazon Web Services (AWS) data centers, which are considered to be the world’s best by industry analyst firm Forrester. They provide a broad set of capabilities in terms of data center security, network security, and a significant number of certifications. This level of data center and operational security allows us to be compliant with many of the most stringent industry standards.
We also comply with the US & EU Safe Harbor Frameworks for protecting the privacy of data flowing from the EU to the United States, as set forth by the US Department of Commerce. In providing our Service, we do not own, control or direct the use of the information stored or processed on our platform at the direction of our customers. In fact, we are largely unaware of what information is being stored on our platform, and only access such information as authorized by our customers or as required by law.
Only you or your customers are entitled to access, retrieve and direct the use of such information. As such, we are only the “data processors” and not the “data controllers” of the information on our platform for purposes of the EU Directive on Data Protection (Directive 95/46/EC).
To learn more about the Safe Harbor program
Penetration and Vulnerability Testing
We take data security very seriously and proactively monitor and test the network, data center infrastructure, and application. The IT operations team constantly monitors the AWS environment using cloudwatch alarms and the DevOps team monitors the application performance and behaviour using a range of monitoring tools.
We undergo monthly (or more frequent if a system configuration change has occurred) network perimeter and web application vulnerability scanning, using leading third party providers. The scans are designed to preemptively notify us of any potential vulnerabilities.
Customer penetration and vulnerability testing
If a customer wishes to do their own penetration test and security vulnerability scan, this can be requested. A specific fee will be charged for this service. Since penetration tests are often indistinguishable from network attacks, all customer-initiated tests must have permission requested and granted in writing by our technical staff prior to being run.