Data Security and Privacy in SparkThink
Did you know that anybody at Slalom can create SparkThink surveys and workshops? Just log in using your Slalom O365 account.
SparkThink is 100% built by Slalom, for Slalom. Its hosted on our Slalom AWS environment, and has been approved by Slalom Legal and InfoSec as a tool that can be used with Slalom and client audiences.
Here's some pointers about SparkThink:
- SparkThink is hosted on Slalom's AWS Enterprise environment
- Slalom InfoSec manages the overall AWS account
- We use AWS GuardDuty for monitoring and threat detection
- Data collected via SparkThink surveys and workshops is encrypted in transit - SSL connection is issued by AWS
- Data is encrypted at rest using secret keys
- The data exists within its own VPC network within AWS - and only SparkThink services have access (no public accessibility)
- Tokens expire every 24 hours
- Login access to SparkThink is limited to only those with Slalom credentials (verified by Microsoft Active Directory)
- Only people with project-level SparkThink admin access can access projects. General SparkThink users cannot access data unless specified as a project administrator.
- Data can be deleted upon request.
If you have any questions, feel free to reach out to sparkthink@slalom.com.