This Security Statement provides more information about our security posture and practices.

ISO 9001 Certification

GXA maintains an ISO 9001 certification. Our ISO 9001 certification signifies our unwavering commitment to consistently delivering high-quality products and services that exceed customer expectations. By partnering with us, you can expect streamlined processes, enhanced efficiency, and increased customer satisfaction. Our adherence to internationally recognized quality standards not only ensures regulatory compliance but also boosts our credibility as a reliable and trustworthy partner. We are dedicated to continuous improvement.

A copy of our ISO 9001 certification is available upon request.

SOC 2 Type 2 Report

GXA is currently in the process of acquiring its SOC 2 Type 2 report, which showcases the internal controls we use to safeguard client data and ensure the safety and effectiveness of our security protocols. A SOC 2 Type 2 report ensures that we adhere to industry-recognized standards. It gives you confidence that your partnership with us aligns with regulatory requirements, and it provides tangible evidence of our robust security measures, reducing your exposure to potential breaches and associated liabilities. By working with us, you can trust that your information is handled with the utmost care and protection.

The target date for audit and certification is June 2024. The report will be available upon request.

Information Security Policy

At GXA, safeguarding sensitive information and maintaining the integrity, confidentiality, and availability of our systems is paramount. Our Information Security policy serves as a foundational document, outlining the responsibilities of our employees and defining the acceptable use of information system resources. Regular reviews and updates ensure that our policies remain current and effective in the ever-evolving landscape of cybersecurity threats.

Organizational Security

Aligned with the esteemed NIST Cybersecurity Framework, GXA has implemented a comprehensive organizational security strategy. This strategy incorporates layered security controls designed to proactively identify, prevent, detect, and respond to security incidents. Through diligent monitoring, vulnerability assessments, threat mitigation efforts, and robust risk management practices, we strive to uphold the highest standards of security across all facets of our operations.

Personnel Security

Our employees are not just representatives of GXA; they are stewards of our clients’ trust and data. To ensure the integrity of our workforce, we enforce strict guidelines and expectations for employee conduct. All new hires are required to sign confidentiality agreements and affirm their understanding and adherence to GXA’s code of conduct policy. By fostering a culture of accountability and integrity, we fortify the foundation upon which our security practices stand.

Physical & Environmental Security

Recognizing the critical importance of physical and environmental security, GXA has entrusted its data center operations to a Tier 1 provider renowned for its stringent policies, procedures, and infrastructure. This strategic partnership ensures that our data centers are safeguarded against physical threats and environmental hazards, providing our clients with the assurance that their data is housed in a secure and resilient environment.

Change Management

Change is inevitable, but at GXA, it is also deliberate and meticulously managed. Our change management process is characterized by thorough planning, rigorous testing, and controlled implementation to minimize disruptions and mitigate risks to our production environment. By adhering to strict change management protocols, we uphold the stability and reliability of our systems and services.

Auditing and Logging

Transparency and accountability are foundational principles of our security posture. We maintain a robust auditing and logging mechanism to track and monitor personnel access to systems and sensitive information. Access to auditing and logging tools is restricted to authorized individuals, ensuring the integrity and confidentiality of our audit trails.

Antivirus and Malware Protection

In today’s threat landscape, proactive defense is essential. GXA employs centralized management and configuration of antivirus and malicious code protection to safeguard against emerging threats. Regular updates ensure that our defenses remain resilient and effective against evolving malware and intrusion attempts.

System Backups

Data is a critical asset, and its protection is non-negotiable. GXA adheres to stringent backup standards, guidelines, and procedures to ensure the scheduled and timely backup and restoration of data. Through diligent backup practices, we mitigate the risk of data loss and ensure business continuity in the face of unforeseen events.

Network Security

Our network infrastructure serves as the backbone of our operations, and its security is paramount. Infrastructure servers are shielded behind robust firewalls and subjected to continuous monitoring to detect and prevent various network security threats. Through proactive threat detection and mitigation measures, we safeguard the confidentiality, integrity, and availability of our network resources.

Vulnerability Management

In an ever-changing threat landscape, proactive identification and mitigation of vulnerabilities are imperative. GXA conducts regular vulnerability scans to identify potential security weaknesses and assess the effectiveness of our patch management program. Each vulnerability is meticulously reviewed, prioritized based on risk, and assigned to the appropriate teams for prompt remediation.

Incident Management

Despite our best efforts, security incidents may still occur. However, GXA is well-prepared to respond swiftly and effectively. We have developed a formalized incident response plan and associated procedures to guide our response efforts in the event of an information security incident. Through proactive planning and preparation, we minimize the impact of incidents and swiftly restore normal operations.

Data Protection

Protecting the confidentiality, integrity, and availability of our clients’ data is at the core of everything we do. GXA employs a multi-layered approach to data protection, implementing robust encryption, access controls, and data loss prevention measures to safeguard sensitive information from loss, misuse, unauthorized access, disclosure, alteration, and destruction.

Business Continuity and Disaster Recovery

Disruptions to our operations are inevitable, but our commitment to resilience ensures that such disruptions are temporary. GXA maintains a comprehensive business continuity and disaster recovery program to minimize service interruption in the face of hardware failure, natural disasters, or other catastrophic events. Through diligent planning, redundant systems, and regular testing, we ensure the continuity of critical business operations and the timely restoration of services.

At GXA, security is not just a checkbox; it’s a mindset ingrained in everything we do. By prioritizing the confidentiality, integrity, and availability of our systems and data, we uphold the trust and confidence of our clients and stakeholders, reinforcing our position as a leader in information security and a trusted partner in the digital age.