Security and data privacy

Security is at the core of our business. Elker is trusted by leading organisations for secure data handling and protecting the anonymity of reporters.

Our certifications and controls

ISO 27001 Certification logo by the Global Compliance Certification (GCC)

ISO 27001 certified

Elker is certified with ISO 27001, the international standard for information security management systems. For a copy of our certificate, contact us.

Vanta trust portal

For a detailed overview of our security controls, procedures, and privacy practices, visit our Vanta Trust Portal.

Our security framework

Zero-trust architecture

We verify every access request, no matter where it comes from. This means even if someone manages to breach one layer of security, they still can't access sensitive data without proper authentication.

Defence-in-depth

Instead of relying on a single security measure, we layer multiple controls throughout our systems. Each layer adds protection and makes it increasingly difficult for potential threats to get through.

Privacy-by-design

We consider privacy implications at every stage of our development process. Privacy protection is integrated into every part of our system.

Continuous improvement

Security threats evolve, and so do we. We regularly update our security measures, perform penetration testing on our systems, and incorporate new protections to stay ahead of emerging threats.

Security governance

Elker's leadership team sets the overall security strategy and regularly reviews the implementation of security controls and metrics to ensure continuous improvement.

Technical security

Single Sign-On (SSO)

Elker supports secure authentication via Single Sign-On (SSO) using industry-standard protocols. Integration with Microsoft Entra and Active Directory enables clients to leverage their Microsoft 365 or on-premises AD accounts for seamless SSO experiences.

Comprehensive penetration testing

We engage independent security experts to conduct full-stack penetration tests on our systems at least annually. Any vulnerabilities discovered are promptly remediated.

Cyber incident response

Elker maintains a comprehensive cyber incident response plan that is regularly reviewed. Our team is prepared to detect, respond to, and recover from potential security incidents rapidly.

Secure development lifecycles

Security is embedded throughout our product development lifecycle. All changes undergo threat modelling and code review for security issues. Third-party libraries are continuously monitored for vulnerabilities. Automated security testing is performed on every code change before deployment.

SOC 2-certified infrastructure

All of Elker's cloud services maintain SOC 2 compliance, ensuring they adhere to strict security and availability standards. Elker will be SOC 2 certified in 2025.

Granular access controls

Access to all Elker systems is governed by the principle of least privilege and enforced by role-based access control (RBAC). Clients have full visibility and control over access permissions for their instances.

Personnel & organisational security

Employee background checks

All Elker staff undergo thorough background checks as part of the hiring process.

Security awareness training

Elker staff complete cybersecurity awareness training to ensure their responsibilities in protecting client data are understood.

Cybersecurity policy adherence

Elker maintains a 100% acceptance rate for our cybersecurity policies, which all staff must review and agree to.

Vendor risk management

We assess the security posture of all third-party vendors, including cloud service providers and contractors, based on the risk they pose. Vendor security is continuously monitored throughout the engagement.

Enterprise data protections

  • AES-256 encryption for data in transit and at rest
  • ISO 27001-certified
  • GDPR compliant
  • SOC 2-certified hosting infrastructure

Data privacy at Elker

Reporter anonymity

For reporters who wish to remain anonymous, Elker guarantees that their identity will be protected.

Data minimisation

We only collect the minimum amount of personally identifiable information (PII) needed to enable reporting and communication with authorised parties.

Data protection

All PII is masked in logs and encrypted both in transit and at rest using industry best practices. Access to client data is strictly controlled and audited.

Interested to find out more?

See how Elker can help with compliance and build a culture of accountability and trust in your organisation.