Our data protocols
Data retention and disposal
Data is retained with a custom process for every client which complies with strict legislative standards.
We keep your data in the national jurisdiction of your business and subject to local data privacy regulations.
Our security protocols
Our policies are standardised
Our security policies are written consistant with a ISO27001 typology.
We conduct hardening on our networks and servers
We pursue standard CIS guidelines where appropriate to keep our infrastructure safe
Our platform is subjected to routine penetration testing
We engage a third party to find security gaps and any vulnerabilities found are promptly patched.
We implement encryption everywhere
All our data is encrypted using standard best practice algorithms in our database and in transit. These protocols are updated in line with industry standards.
We support our shared security model
We evangelise our security first-commitment when engaging and supporting our clients so that they understand and mitigate the risks implicit in end-user operations.
We follow best authentication and authorisation practices
For all clients we offer a range of options for securely authenticating into the system. This includes Single Sign On via OAuth or SAML, Multi-Factor Authentication and others.
Ensuring trust and control
We preserve your anonymity
If you have opted to be anonymous, we guarantee the protection of your identity until, if and when you decide to disclose it.
You control who receives the information you submit via Elker
You decide who is authorised to read and respond to your matter.
We don’t collect any data that isn’t necessary to fulfill your reporting needs
We have no need for any information that doesn't help you to submit a report or stay in contact with the people that can help you.
Cyber awareness training
All of our staff complete cyber-awareness training.
Staff background checks
We conduct background checks on all staff.
Incentives to identify vulnerabilities
Staff are incentivised to alert the organisation to any security vulnerabilities.
Principle of least privilege
Staff are provided only the access they need to perform their role.