This Security Statement is aimed at providing you with more information about our security position and practices.
SOC 2 Type II Attestation
We are pleased to announce that GXA has successfully obtained our SOC 2 Type II attestation, which highlights our stringent internal controls and robust measures for safeguarding client data. This attestation confirms that we adhere to industry-recognized standards, ensuring the safety and effectiveness of our security protocols.
With the SOC 2 Type II attestation, you can have full confidence that our practices align with regulatory requirements and provide tangible evidence of our commitment to security. This achievement reduces your exposure to potential breaches and associated liabilities, affirming that your information is managed with the highest level of care and protection. Feel free to request a copy of our SOC 2 Type II report for detailed insights into our security measures.
ISO 9001 Certification
GXA maintains an ISO 9001 certification. Our ISO 9001 certification signifies our unwavering commitment to consistently delivering high-quality products and services that exceed customer expectations. By partnering with us, you can expect streamlined processes, enhanced efficiency, and increased customer satisfaction. Our adherence to internationally recognized quality standards not only ensures regulatory compliance but also boosts our credibility as a reliable and trustworthy partner. We are dedicated to continuous improvement.
A copy of our ISO 9001 certification is available upon request.
Information Security Policy
At GXA, safeguarding sensitive information and maintaining the integrity, confidentiality, and availability of our systems is paramount. Our Information Security policy serves as a foundational document, outlining the responsibilities of our employees and defining the acceptable use of information system resources. Regular reviews and updates ensure that our policies remain current and effective in the ever-evolving landscape of cybersecurity threats.
Organizational Security
Aligned with the esteemed NIST Cybersecurity Framework, GXA has implemented a comprehensive organizational security strategy. This strategy incorporates layered security controls designed to proactively identify, prevent, detect, and respond to security incidents. Through diligent monitoring, vulnerability assessments, threat mitigation efforts, and robust risk management practices, we strive to uphold the highest standards of security across all facets of our operations.
Personnel Security
Our employees are not just representatives of GXA; they are stewards of our clients’ trust and data. To ensure the integrity of our workforce, we enforce strict guidelines and expectations for employee conduct. All new hires are required to sign confidentiality agreements and affirm their understanding and adherence to GXA’s code of conduct policy. By fostering a culture of accountability and integrity, we fortify the foundation upon which our security practices stand.
Physical & Environmental Security
Recognizing the critical importance of physical and environmental security, GXA has entrusted its data center operations to a Tier 1 provider renowned for its stringent policies, procedures, and infrastructure. This strategic partnership ensures that our data centers are safeguarded against physical threats and environmental hazards, providing our clients with the assurance that their data is housed in a secure and resilient environment.
Change Management
Change is inevitable, but at GXA, it is also deliberate and meticulously managed. Our change management process is characterized by thorough planning, rigorous testing, and controlled implementation to minimize disruptions and mitigate risks to our production environment. By adhering to strict change management protocols, we uphold the stability and reliability of our systems and services.
Auditing and Logging
Transparency and accountability are foundational principles of our security posture. We maintain a robust auditing and logging mechanism to track and monitor personnel access to systems and sensitive information. Access to auditing and logging tools is restricted to authorized individuals, ensuring the integrity and confidentiality of our audit trails.
Antivirus and Malware Protection
In today’s threat landscape, proactive defense is essential. GXA employs centralized management and configuration of antivirus and malicious code protection to safeguard against emerging threats. Regular updates ensure that our defenses remain resilient and effective against evolving malware and intrusion attempts.
System Backups
Data is a critical asset, and its protection is non-negotiable. GXA adheres to stringent backup standards, guidelines, and procedures to ensure the scheduled and timely backup and restoration of data. Through diligent backup practices, we mitigate the risk of data loss and ensure business continuity in the face of unforeseen events.
Network Security
Our network infrastructure serves as the backbone of our operations, and its security is paramount. Infrastructure servers are shielded behind robust firewalls and subjected to continuous monitoring to detect and prevent various network security threats. Through proactive threat detection and mitigation measures, we safeguard the confidentiality, integrity, and availability of our network resources.
Vulnerability Management
In an ever-changing threat landscape, proactive identification and mitigation of vulnerabilities are imperative. GXA conducts regular vulnerability scans to identify potential security weaknesses and assess the effectiveness of our patch management program. Each vulnerability is meticulously reviewed, prioritized based on risk, and assigned to the appropriate teams for prompt remediation.
Incident Management
Despite our best efforts, security incidents may still occur. However, GXA is well-prepared to respond swiftly and effectively. We have developed a formalized incident response plan and associated procedures to guide our response efforts in the event of an information security incident. Through proactive planning and preparation, we minimize the impact of incidents and swiftly restore normal operations.
Data Protection
Protecting the confidentiality, integrity, and availability of our clients’ data is at the core of everything we do. GXA employs a multi-layered approach to data protection, implementing robust encryption, access controls, and data loss prevention measures to safeguard sensitive information from loss, misuse, unauthorized access, disclosure, alteration, and destruction.
Business Continuity and Disaster Recovery
Disruptions to our operations are inevitable, but our commitment to resilience ensures that such disruptions are temporary. GXA maintains a comprehensive business continuity and disaster recovery program to minimize service interruption in the face of hardware failure, natural disasters, or other catastrophic events. Through diligent planning, redundant systems, and regular testing, we ensure the continuity of critical business operations and the timely restoration of services.
At GXA, security is not just a checkbox; it’s a mindset ingrained in everything we do. By prioritizing the confidentiality, integrity, and availability of our systems and data, we uphold the trust and confidence of our clients and stakeholders, reinforcing our position as a leader in information security and a trusted partner in the digital age.