Security & Compliance Policies
From advanced encryption techniques to thorough employee training programs, we go above and beyond to guarantee the security of your work environment.
OUR DATA SECURITY MEASURES
| ISO.27001 | Glartek is certified by SGS for the ISO 27001 security certification, the international standard for Information Security Management Systems (ISMS). You can access our official certification document here. |
| GDPR | We respect the EU’s General Data Protection Regulation, which outlines strict protections for consumer data, prioritizing integrity and confidentiality and limiting how organizations can handle data. |
| SOC 2 Type II | We build our products to be compliant with AICPA’s SOC for Service Organizations Trust Services Criteria (SOC 2). |
ENSURING THE SAFETY OF YOUR INFORMATION
1 | Platform Access
| Authentication | Single Sign-on (SSO), Lightweight Directory Access Protocol (LDAP) and SAML to authenticate users in systems. |
| Password | Enforce password complexity and expiration.s in systems. |
| Roles and Permissions | Configurable user access to data and features.Enforce password complexity and expiration.s in systems. |
2 | Customer Data
| Encrypted | Industry leading standard protocols to protect data in transit (including TLS 1.2 and 256 AES encryption) and at rest (including FIPS 140-2 compliant encryption standards). |
| Transfer | Data transfers within or between countries/regions respect the EU, Swiss, UK and CCPA legislations. |
| Auditable | All user and device actions and Data changes are logged for audit purposes. |
3 | Availability
| Uptime | Redundant hosting partners providing 99.9% uptime SLAs. |
| Hardened Virtual Private Cloud | Servers in separated infrastructure to prevent unauthorized access to/from our IT network. |
| Backups | All customer Data is backed up off-site at least on a daily basis. |
CYBER SECURITY CONTINUOUS IMPROVEMENT
1 | Our Company
| CISO | We have appointed an experienced CISO full-time employee. |
| Risk Assessments | We regularly perform Processes, Policies and Procedures (3P) and Privacy Impact self-assessments. |
| Security Assessments | We work with partners for independent company and product assessments, such as black-box penetration testing. |
2 | Our Employees
| Training | All employees undergo software development life-cycle security and awareness training annually. |
| Confidentially | All employee and partner contracts include confidentiality clauses. |
| Data access | All access to customer data is registered, logged and reported to the customer. |
Contact Us
For further information, please contact Glartek’s security team by email at [email protected].