Ready to go from risk to resilience? Discover Salto’s approach to building confidence in a digital era.
In today’s hyperconnected world, cybersecurity is no longer just a technical issue – it’s fundamental to trust, resilience, and uninterrupted business operations. The rapid adoption of artificial intelligence (AI), particularly in cloud environments, has forced organisations to address new challenges in cybersecurity and data privacy.
Sophisticated threat actors are advancing at an unprecedented pace, operating with stealth and precision to target the very heart of modern society: operational technology (OT) and building security infrastructure. Moving beyond traditional data theft, cyber criminals now seek physical disruption and, in some cases, outright sabotage. This growing threat landscape is further complicated by the increasing convergence of IT and OT systems, driven by business demands for greater efficiency, connectivity, and automation. As these technologies merge, so do their vulnerabilities, making the need for robust cybersecurity more critical than ever.
The stakes are especially high at Salto as pioneers in advanced smart access and identity solutions. The security of digital infrastructure has a direct impact on physical safety, customer trust, and compliance with evolving regulations.
Navigating an expanding threat landscape
Cyber threats are growing, both in complexity and frequency. From ransomware attacks and phishing scams to supply chain vulnerabilities and insider risks, organisations face a broad spectrum of risks. These challenges don’t just disrupt IT systems; they threaten the very environments where people live and work.
The rise of smart buildings – where IT and OT converge – only intensifies these risks. Access control solutions now manage not just door operation but integrated systems that connect digital and physical security. In this landscape, cybersecurity becomes a business-critical imperative, protecting both data and people.
Why is cybersecurity essential for Salto and our partners?
As a trusted innovator in electronic locking solutions and cloud-based access control platforms, Salto plays a pivotal role in securing physical and digital environments. Our responsibility stretches far beyond hardware – we manage sensitive information, such as user credentials, access logs, and system configurations.
By adhering to internationally recognised security standards like ISO 27001, GDPR, and the NIS 2 Directive, Salto demonstrates an unwavering commitment to data protection and compliance. This inspires confidence among our clients and partners, who increasingly demand transparency and proven security measures.
Cybersecurity also enables innovation. It empowers Salto to expand our digital smart access capabilities, integrate with diverse third-party systems, and support remote access management – all without compromising safety, reliability, or user confidence.
Embedding cybersecurity into the Salto DNA: a strategic approach
Effective cybersecurity calls for more than reactive defense. At Salto, we ensure it’s embedded at every stage, from design and development, through to deployment and ongoing support. Our strategy embraces a proactive, layered defense model that combines governance policies, advanced technical controls, employee training, and continuous monitoring.
This comprehensive approach ensures we’re a step ahead of emerging threats and adapt rapidly to new challenges, delivering resilient, secure access solutions for our clients worldwide.
Meeting security needs: excellence in compliance
At Salto, security compliance is far more than just a checkbox. It’s a strategic commitment that drives how we design, develop, and operate our smart access solutions. Through rigorous certifications and adherence to global standards, we underscore our dedication to protecting customer data, meeting legal requirements, and providing secure, reliable products across markets.
1. ISO/IEC 27001 certification
Salto’s Information Security Management System (ISMS) is ISO/IEC 27001 certified, validating our structured, risk-based approach to safeguarding sensitive data, digital and physical assets, and continuous security improvements.
All Salto solutions, from our cloud platforms to software applications, are developed and operated within the scope of this certified ISMS. Compliance with ISO 27001 principles ensures consistent protection, accountability, resilience, and trust, giving our clients confidence that our security controls meet international benchmarks.
Learn more: Certifications | Salto Systems
2. MASA certification for mobile apps
The security of our mobile applications is paramount. Salto’s apps have achieved MASA (Mobile Application Security Assessment) certification, as certified by a Google Authorized Lab.
This certification confirms our adherence to the OWASP Mobile Application Security Verification Standard (MASVS). In practice, it means our apps uphold rigorous standards in the following:
- Secure architecture and design
- Data encryption at rest and in transit
- Robust authentication and session management
- Privacy controls and secure communication protocols
- These measures ensure that our mobile credential and management apps provide secure and trustworthy user experiences
Learn more: Certifications | Salto Systems
3. BSI Kitemark™ for IoT and secure applications
Salto holds two prestigious certifications from the British Standards Institution (BSI):
- BSI Enhanced Level IoT Kitemark™: Validates that select Salto hardware products meet advanced cybersecurity requirements in accordance with ETSI EN 303 645 standards for IoT devices.
- BSI Kitemark™ for Secure Digital Applications: Certifies that Salto ProAccess Space and JustIN Mobile app comply with the OWASP Application Security Verification Standard (ASVS) for secure software development.
These certifications corroborate that our physical and digital solutions are resilient against cyber threats, capable of secure updates, and committed to protecting user data throughout their entire lifecycle.
For more details, see: BSI IoT Kitemark Certificate (KM_723320) and BSI Secure Applications Kitemark Certificate (KM_731184)
4. NIS 2 and DORA compliance
Salto not only helps clients meet European regulations, such as the NIS 2 Directive and the Digital Operational Resilience Act (DORA), but we also ensure our own solutions and operations align with these critical standards.
Here’s how Salto meets NIS 2 Directive requirements:
- Risk management and governance: Formal risk assessments, incident response plans, and business continuity strategies embedded within our ISO 27001-certified ISMS.
- Technical and organisational controls: Robust access controls, encryption, secure software development, and vulnerability management.
- Incident handling and reporting: Structured processes for timely detection, response, and communication supported by our Security Operations Center (SOC).
- Supply chain security: Rigorous evaluation and monitoring of third-party vendors to uphold Salto’s security standards.
- Continuous improvement: Regular review and updates of our compliance program to address evolving threats and regulatory changes.
Additionally, Salto’s access control and identity management platforms assist clients in complying with NIS 2 Directive and DORA obligations by providing:
- Granular access control and multi-factor authentication
- Digital visitor management with real-time alerts
- Comprehensive audit trails for all access events
- Secure, resilient cloud infrastructure
Download the NIS 2 & DORA Compliance Overview (PDF) for more information.
5. Privacy and GDPR
Respecting privacy is fundamental to our mission. Salto’s practices comply with the European Union’s General Data Protection Regulation (GDPR) and reflect international data protection standards.
Key privacy commitments include:
- Responsible data use: Collecting and processing personal data only as necessary to deliver services, improve experiences, or comply with legal requirements.
- Transparency: Providing clear information about data use worldwide.
- Robust security: Employing encryption, controlled access, and continuous monitoring to safeguard personal data.
- Customer rights management: Enabling customers to access, correct, or delete their personal information.
- Trusted partnerships: Ensuring any shared data is protected by stringent privacy and security agreements.
- No data sales: Commitment to never selling personal data, honouring our clients' trust.
Salto’s multifaceted approach to security compliance guarantees that our clients receive trusted, secure access control solutions aligned with the highest industry standards – empowering them to operate confidently in today’s dynamic threat landscape.
Looking ahead: building a secure future, together
Cybersecurity is a shared responsibility and an ongoing journey. Salto remains committed to strengthening our security protocols in line with regulatory requirements and industry best practices. We aim to continue enabling our clients and partners to focus on growth and innovation, safe in the knowledge that their access control systems are robust, reliable, and secure.
Want to learn more about Salto’s cybersecurity strategy and how it safeguards your access systems? Stay tuned and download our Cybersecurity Framework, Compliance, and Best Practices – a detailed roadmap to the secure future we’re building together.
