Safecall Technical & Security

Frequently Asked Questions (FAQs)

SafeCall’s technical infrastructure and security webpage addresses critical questions about our enterprise whistleblowing platform’s technical capabilities and security protocols.

The page covers comprehensive solutions including UK-based data centres, GDPR compliance, and robust security frameworks aligned with ISO 27001 standards.

Key features include enterprise-scale capacity supporting millions of users, customizable workflows, and automated routing systems.

Security measures encompass incident response procedures, data sovereignty protocols, and cross-border transfer mechanisms.

These FAQs outline SLA commitments, performance benchmarks, and security guarantees, demonstrating our commitment to maintaining the highest technical and security standards for global compliance requirements.

  • What are your exact data sovereignty and cross-border data transfer protocols? 

    With UK-based data centres and full GDPR compliance, we have robust protocols for handling data internationally. For organisations with specific data sovereignty requirements, we can discuss: 

    • Data residency options 
    • Cross-border transfer mechanisms, including Standard Contractual Clauses 
    • Any additional safeguards required 

    Our legal team works closely with client counsel to ensure all transfer mechanisms meet relevant regulatory standards. 

  • How do you handle specific jurisdictional requirements for our global operations? 

    We have extensive experience supporting organisations with global compliance requirements, including the EU Whistleblowing Directive, UK regulations, US standards, and others. Our compliance team works closely with your legal team to ensure all regional obligations are met — from data localisation and reporting protocols to language requirements. We can provide jurisdiction-specific compliance matrices and implementation guidance. 

  • What are your exact SLA terms and penalty structures? 

    We offer comprehensive SLAs, typically covering: 

    • System availability (usually 99.9%) 
    • Response times based on priority levels 
    • Data security guarantees 

    Penalty structures and remedies are tailored to your organisation’s needs and the criticality of the service. Our contracts team can share detailed SLA frameworks and discuss appropriate penalty or credit structures during commercial negotiations. 

  • What are your exact capacity limits and performance benchmarks? 

    Our system is built to support enterprise-scale deployments, including millions of users. Performance benchmarks vary depending on factors such as concurrent usage, reporting volumes, and campaign activity. We can provide detailed capacity planning, scalability roadmaps, and performance guarantees based on your organisation’s size and expected usage. We regularly scale resources to meet demand during peak periods, such as awareness campaigns.  

  • What are the exact limits of system customisation for our specific workflow requirements? 

    Our platform offers a wide range of customisation options, including custom fields, automated routing rules, personalised dashboards, and configurable approval workflows. The level of customisation depends on your specific needs — from straightforward configuration to more complex development. Our solutions team will work with you to understand your workflow and provide tailored options, along with estimated timelines. 

  • What specific incident response procedures do you have in place? 

    We follow comprehensive incident response procedures aligned with ISO 27001, including clearly defined escalation paths, communication protocols, and recovery processes. Our response team includes both internal security specialists and external forensic partners when needed. We can share our incident response framework and discuss notification timelines and procedures during a security briefing.