Data Security and Privacy in SparkThink

Did you know that anybody at Slalom can create SparkThink surveys and workshops? Just log in using your Slalom O365 account.

SparkThink is 100% built by Slalom, for Slalom. Its hosted on our Slalom AWS environment, and has been approved by Slalom Legal and InfoSec as a tool that can be used with Slalom and client audiences.

Here's some pointers about SparkThink:

  • SparkThink is hosted on Slalom's AWS Enterprise environment
  • Slalom InfoSec manages the overall AWS account
  • We use AWS GuardDuty for monitoring and threat detection
  • Data collected via SparkThink surveys and workshops is encrypted in transit - SSL connection is issued by AWS
  • Data is encrypted at rest using secret keys
  • The data exists within its own VPC network within AWS - and only SparkThink services have access (no public accessibility)
  • Tokens expire every 24 hours
  • Login access to SparkThink is limited to only those with Slalom credentials (verified by Microsoft Active Directory)
  • Only people with project-level SparkThink admin access can access projects. General SparkThink users cannot access data unless specified as a project administrator.
  • Data can be deleted upon request.

If you have any questions, feel free to reach out to sparkthink@slalom.com.