Catapult Security
At Catapult, we to unleash the potential of every athlete and team on earth. We work with more than 4,600 elite teams in over 100 countries globally, and information security is of the upmost importance in our industry. From Compliance Certifications to exemplary company standards and practices, below is a small sampling of the security measure that you can expect from Catapult.
ISO/IEC 27001 Certified
ISO27001 is the premier international standard for information security management. This certification validates that we have implemented a comprehensive Information Security Management System (ISMS) to protect your sensitive data through rigorous risk management and continuous improvement.
HDS (Hébergeur de Données de Santé) Certified
The HDS certification is a mandatory French standard for hosting personal health data, aligned with stringent EU privacy regulations. This demonstrates our capability to provide secure, confidential, and highly available hosting solutions specifically for the healthcare industry.
Hébergeur de Données de Santé (HDS)
Information relevant to Requirement No. 31 is below.
|
Business name of the actor |
Role in the hosting service (Host/processor of the Host) |
HDS certified (yes / no / exempted) |
SecNumCloud 3.2 qualified |
Hosting activities in which the player is involved |
Access to personal health data from countries outside the European Economic Area, by the Host or one of its processors (Requirement No 29 of the HDS framework) |
Host or processor subject to a risk of access to personal health data from countries outside the European Economic Area, imposed by the legislation of a third country in breach of EU law (Requirement no 30 of the HDS framework) |
|---|---|---|---|---|---|---|
| Catapult | Host |
Yes
|
No | Activities 3-4 |
If a customer engages with customer support, athlete data may be accessed by Catapult support staff in one of the following regions: (United States, United Kindgom, Australia) | No |
| Amazon Web Services, Inc. | Public cloud / processor |
Yes
|
No | Activities 1-4 & 6 |
Catapult selected the EU region (Ireland) to host customers located in France AWS Regions & Availability Zones |
No |
| Atlassian, Inc. | Processor - Customer support platform services and project/planing |
No
|
No | Activities 3,4 |
No access to data from a country outside the European Economic Area | No - customer data is not processed in Atlassian tools |
| Datadog, Inc. | Processor - Centralised storage and analysis of software system logs |
No
|
No | Activities 3,4 |
No access to data from a country outside the European Economic Area | No - Datadog does not pull logs that contain PHI |
| MongoDB, Inc. | Processor - Storage and retrieval of aggregated performance data |
Yes
|
No | Activities 3,4 |
If Catapult engages MongoDB technical support, athlete metrics data uploaded to Atlas, may be accessed by MongoDB personnel in one of the following affiliate locations (United States, United Kingdom, Australia) | Yes. The MongoDB Atlas Control Plane is based in the United States. However, Atlas offers customers tools to mitigate risks of access. FAQs 4.3 and 4.4 of MongoDB’s |
| Zendesk Inc. | Processor - Customer service and technical support |
Yes
|
No | Activities 3,4 |
No, no access to data from a country outside the European Economic Area | No |