Security Practices

At GRC, we prioritize the security and privacy of our customers' data. We have a holistic Information Security Program in place that is in line with the SOC 2 framework, a widely recognized information security auditing procedure. This program is communicated throughout our organization to ensure a uniform understanding of its protocols and methodologies.

Last updated: 01. August 2023

Access Control

Access to our cloud infrastructure, sensitive data and systems is stringently controlled. We implement procedures including Single Sign-On (SSO), two-factor authentication (2FA), strong password policies and role-based access control (RBAC).

Quarterly access reviews are conducted to ensure that only authorized personnel can access critical systems. Our principles adhere to a least privilege access control policy.

Data and Cloud Security

All of our services and customer data are hosted securely with the Google Cloud Platform (GCP), a platform that employs a robust security program with multiple certifications.

Our databases are all located in the European Union, and your data is protected in transit and at rest using high-standard encryption protocols.

Vendor and Risk Management

We regularly perform risk assessments to identify potential threats. Vendor risk is determined and thoroughly reviewed before we authorize any new contracts. These operational practices ensure that any possible source of risk, including fraud, is addressed appropriately.

Employee Practices

Our employees are integral to our security ecosystem. Upon onboarding, they are required to sign an industry-standard confidentiality agreement and go through security awareness training. This training covers industry-standard practices and information security topics like phishing and password management.

We also perform background checks in accordance with local laws to maintain our standard of trust.

Incident Response and Business Continuity

We have a dedicated incident response team that acts swiftly to assess and mitigate any security events or data breaches.

Our process includes escalation procedures, rapid mitigation, and transparent communication to minimize any potential impacts.

We also have robust measures in place for business continuity and disaster recovery. We use our data hosting provider’s backup services and monitoring services which alert our team promptly in case of any events affecting our users.

Physical Security

While our services are largely cloud-based, we also ensure the physical security of our corporate facilities. We maintain stringent access controls and surveillance systems to prevent unauthorized access.

At GRC, we continuously review and enhance our security practices to navigate evolving threats. We are deeply committed to safeguarding your data. If you have any questions, comments, concerns, or if you wish to report a potential security issue, please do not hesitate to contact us at security@grc-envision.com.

You can also review our Privacy Policy.