SALTO WECOSYSTEM
Help and Support

Choose your location and language settings

Global

|

English

Global

Germany

Switzerland

United Kingdom

Ireland

France

Netherlands

Belgium

Spain

Portugal

Italy

Russia

Poland

Czech Republic

Denmark

Sweden

Norway

Finland

USA

Canada

Mexico

Colombia

Chile

China

Korean

Singapore

Hong Kong

Vietnam

Japan

Australia / New Zealand

UAE

Saudi Arabia

South Africa

India

Why cybersecurity matters now more than ever: Salto’s commitment to secure smart access

January 28, 2026 - Product news

Ready to go from risk to resilience? Discover Salto’s approach to building confidence in a digital era.

In today’s hyperconnected world, cybersecurity is no longer just a technical issue – it’s fundamental to trust, resilience, and uninterrupted business operations. The rapid adoption of artificial intelligence (AI), particularly in cloud environments, has forced organisations to address new challenges in cybersecurity and data privacy. 

Sophisticated threat actors are advancing at an unprecedented pace, operating with stealth and precision to target the very heart of modern society: operational technology (OT) and building security infrastructure. Moving beyond traditional data theft, cyber criminals now seek physical disruption and, in some cases, outright sabotage. This growing threat landscape is further complicated by the increasing convergence of IT and OT systems, driven by business demands for greater efficiency, connectivity, and automation. As these technologies merge, so do their vulnerabilities, making the need for robust cybersecurity more critical than ever. 

The stakes are especially high at Salto as pioneers in advanced smart access and identity solutions. The security of digital infrastructure has a direct impact on physical safety, customer trust, and compliance with evolving regulations. 

Navigating an expanding threat landscape 

Cyber threats are growing, both in complexity and frequency. From ransomware attacks and phishing scams to supply chain vulnerabilities and insider risks, organisations face a broad spectrum of risks. These challenges don’t just disrupt IT systems; they threaten the very environments where people live and work. 

The rise of smart buildings – where IT and OT converge – only intensifies these risks. Access control solutions now manage not just door operation but integrated systems that connect digital and physical security. In this landscape, cybersecurity becomes a business-critical imperative, protecting both data and people. 

Why is cybersecurity essential for Salto and our partners? 

As a trusted innovator in electronic locking solutions and cloud-based access control platforms, Salto plays a pivotal role in securing physical and digital environments. Our responsibility stretches far beyond hardware – we manage sensitive information, such as user credentials, access logs, and system configurations. 

By adhering to internationally recognised security standards like ISO 27001, GDPR, and the NIS 2 Directive, Salto demonstrates an unwavering commitment to data protection and compliance. This inspires confidence among our clients and partners, who increasingly demand transparency and proven security measures. 

Cybersecurity also enables innovation. It empowers Salto to expand our digital smart access capabilities, integrate with diverse third-party systems, and support remote access management – all without compromising safety, reliability, or user confidence. 

Embedding cybersecurity into the Salto DNA: a strategic approach 

Effective cybersecurity calls for more than reactive defense. At Salto, we ensure it’s embedded at every stage, from design and development, through to deployment and ongoing support. Our strategy embraces a proactive, layered defense model that combines governance policies, advanced technical controls, employee training, and continuous monitoring. 

This comprehensive approach ensures we’re a step ahead of emerging threats and adapt rapidly to new challenges, delivering resilient, secure access solutions for our clients worldwide. 

Securing smart access: Salto’s cybersecurity framework

Meeting security needs: excellence in compliance 

At Salto, security compliance is far more than just a checkbox. It’s a strategic commitment that drives how we design, develop, and operate our smart access solutions. Through rigorous certifications and adherence to global standards, we underscore our dedication to protecting customer data, meeting legal requirements, and providing secure, reliable products across markets. 

1. ISO/IEC 27001 certification

Salto’s Information Security Management System (ISMS) is ISO/IEC 27001 certified, validating our structured, risk-based approach to safeguarding sensitive data, digital and physical assets, and continuous security improvements.

All Salto solutions, from our cloud platforms to software applications, are developed and operated within the scope of this certified ISMS. Compliance with ISO 27001 principles ensures consistent protection, accountability, resilience, and trust, giving our clients confidence that our security controls meet international benchmarks. 

Learn more: Certifications | Salto Systems 

2. MASA certification for mobile apps 

The security of our mobile applications is paramount. Salto’s apps have achieved MASA (Mobile Application Security Assessment) certification, as certified by a Google Authorized Lab.

This certification confirms our adherence to the OWASP Mobile Application Security Verification Standard (MASVS). In practice, it means our apps uphold rigorous standards in the following: 

  • Secure architecture and design 
  • Data encryption at rest and in transit 
  • Robust authentication and session management 
  • Privacy controls and secure communication protocols 
  • These measures ensure that our mobile credential and management apps provide secure and trustworthy user experiences

    Learn more: Certifications | Salto Systems 
Securing smart access: Salto’s cybersecurity framework

3. BSI Kitemark™ for IoT and secure applications 

Salto holds two prestigious certifications from the British Standards Institution (BSI): 

  • BSI Enhanced Level IoT Kitemark™: Validates that select Salto hardware products meet advanced cybersecurity requirements in accordance with ETSI EN 303 645 standards for IoT devices. 
  • BSI Kitemark™ for Secure Digital Applications: Certifies that Salto ProAccess Space and JustIN Mobile app comply with the OWASP Application Security Verification Standard (ASVS) for secure software development. 

These certifications corroborate that our physical and digital solutions are resilient against cyber threats, capable of secure updates, and committed to protecting user data throughout their entire lifecycle. 

For more details, see: BSI IoT Kitemark Certificate (KM_723320) and BSI Secure Applications Kitemark Certificate (KM_731184) 

4. NIS 2 and DORA compliance 

Salto not only helps clients meet European regulations, such as the NIS 2 Directive and the Digital Operational Resilience Act (DORA), but we also ensure our own solutions and operations align with these critical standards. 

Here’s how Salto meets NIS 2 Directive requirements: 

  • Risk management and governance: Formal risk assessments, incident response plans, and business continuity strategies embedded within our ISO 27001-certified ISMS. 
  • Technical and organisational controls: Robust access controls, encryption, secure software development, and vulnerability management. 
  • Incident handling and reporting: Structured processes for timely detection, response, and communication supported by our Security Operations Center (SOC). 
  • Supply chain security: Rigorous evaluation and monitoring of third-party vendors to uphold Salto’s security standards. 
  • Continuous improvement: Regular review and updates of our compliance program to address evolving threats and regulatory changes. 

Additionally, Salto’s access control and identity management platforms assist clients in complying with NIS 2 Directive and DORA obligations by providing: 

  • Granular access control and multi-factor authentication 
  • Digital visitor management with real-time alerts 
  • Comprehensive audit trails for all access events 
  • Secure, resilient cloud infrastructure 

Download the NIS 2 & DORA Compliance Overview (PDF) for more information. 

5. Privacy and GDPR 

Respecting privacy is fundamental to our mission. Salto’s practices comply with the European Union’s General Data Protection Regulation (GDPR) and reflect international data protection standards. 

Key privacy commitments include: 

  • Responsible data use: Collecting and processing personal data only as necessary to deliver services, improve experiences, or comply with legal requirements. 
  • Transparency: Providing clear information about data use worldwide. 
  • Robust security: Employing encryption, controlled access, and continuous monitoring to safeguard personal data. 
  • Customer rights management: Enabling customers to access, correct, or delete their personal information. 
  • Trusted partnerships: Ensuring any shared data is protected by stringent privacy and security agreements. 
  • No data sales: Commitment to never selling personal data, honouring our clients' trust. 

Salto’s multifaceted approach to security compliance guarantees that our clients receive trusted, secure access control solutions aligned with the highest industry standards – empowering them to operate confidently in today’s dynamic threat landscape. 

Securing smart access: Salto’s cybersecurity framework

Looking ahead: building a secure future, together 

Cybersecurity is a shared responsibility and an ongoing journey. Salto remains committed to strengthening our security protocols in line with regulatory requirements and industry best practices. We aim to continue enabling our clients and partners to focus on growth and innovation, safe in the knowledge that their access control systems are robust, reliable, and secure. 

Want to learn more about Salto’s cybersecurity strategy and how it safeguards your access systems? Stay tuned and download our Cybersecurity Framework, Compliance, and Best Practices – a detailed roadmap to the secure future we’re building together.