Welcome to our Trust Center
Explore our commitment to cybersecurity excellence.
Discover how we secure client data according to industry standards.
Gain peace of mind with our certifications & third-party audits.
Compliance
ISO 27001
Cyber Insurance
Penetration test
GDPR
Data Privacy Framework
FAQs
What certifications or compliance standards does your platform adhere to?
Scaler is ISO27001:2022 certified, which is supported by annual audits and penetration tests.
Can you share any third-party reports or audits that validate your security practices?
We continuously monitor compliance with our policies using SecureFrame and take action when required. In addition, we undergo regular security audits or assessments from specialised third parties or as part of client due diligence processes.
What is the geographical location of your infrastructure and our data?
Scaler infrastructure runs on AWS servers located in Ireland and the US.
How do you ensure the security of our data within your platform?
We actively protect the Confidentiality, Integrity and Availability of our systems and data with several security measures.
We have a redundant setup that is protected behind a firewall (WAF). We applied segmentation, where only our web application and bastion host are in our public subnet. We actively monitor error & performance logging to identify disruptions or potential incidents. We create daily and weekly backups to guarantee our business continuity, with offsite copies of the weekly backups. Backups must be retained for at least 30 days.
What specific measures do you have in place to protect against data breaches?
Our entire platform is accessible only to our users, and user accounts can only be created by Scaler or the client admin. We applied segmentation, where only our web application and bastion host are in our public subnet. It is not possible to directly access the data.
Can you provide details about the encryption methods used to safeguard our information?
Data in Transit is encrypted using strong cryptography and security protocols (TLS 1.2+ or a minimally equivalent protocol) to safeguard sensitive data during transmission over open, public networks.
Data at Rest is encrypted using strong encryption methods (AES-256 or a minimally equivalent protocol).
Are your employees trained in cybersecurity best practices?
Yes, all our employees must complete their annual security awareness training, and we run a periodic phishing simulation that tests the resilience of our employees and helps them recognise and report phishing and other scams.
Do you have a dedicated team responsible for monitoring and addressing security threats?
Yes, our DevOps team is continuously monitoring the Scaler platform and investigating potential security threats. In case of an event or threat indicator, the team involves our Chief Security Officer (CSO) for further analysis.
How do you handle data backups and disaster recovery to prevent data loss?
We have a Business Continuity & Disaster Recovery Plan that we follow in case of disruptions, which divides recovery into three stages: Disaster, Response, and Recovery.
To prevent data loss, we create daily and weekly backups to guarantee our business continuity, with offsite copies of the weekly backups. Backups must be retained for at least 30 days.
Do you have cybersecurity insurance?
Yes, we have cybersecurity insurance. More information about our insurance is shared via our Resources.
Resources
Security Policy House
Our certified security policy house.
ISO27001 certificate
Our ISO certificate.
Cyber insurance
Proof of our cybersecurity insurance.
Third-party penetration test
The report of our latest annual penetration test.
Privacy Statement
Our Privacy Statement.
Data Privacy Framework
Compliant with EU-U.S. Data Privacy Framework (EU-U.S. DPF)
Subprocessors
Amazon Web Services
AWS runs our Scaler platform.
Google Workspace
We collaborate using GSuite.
Notion
Our documentation is in Notion.