GTN Privacy and Security

Compliance

• GTN is in compliance with the former EU-US Privacy Shield and Swiss-US Privacy Shield Frameworks. We are on the authoritative Privacy Shield list that is maintained by the US Department of Commerce and is made available to the public on their website located here: https://www.privacyshield.gov.
• We partner with VeraSafe, a well-established and respected organization to ensure we are up to date on global data security matters (e.g., General Data Protection Regulation (GDPR) readiness) and that our web-based tools are secure.
• We complete an annual SOC 2 Type 2 audit, and the most recent audit report is available by contacting privacy@gtn.com.
• We monitor updates to laws as well as guidance issued by authorities and subject matter experts to confirm our data processing activities are fully compliant with applicable privacy laws.
• Periodic updates are made to our policies and agreements with third parties (e.g., our Data Processing Addendums were updated to enable us to lawfully and safely transfer personal data outside of the European Union (EU) following the decision of the Court of Justice of the EU in the 2020 "Schrems II" case).

Security

• To provide additional, high-level security, we have implemented Next Gen Firewall, Anti-Malware, and Intrusion Protection System tools; Multi-Factor Authentication, Encryption Solutions, and Email Management Security Services with advanced Spam and Virus protection capabilities including “Threat Emulation” and URL analysis.
• Our third-party security consultant completes annual internal, external, and application-level vulnerability and penetration assessments. Our consultant also conducts external vulnerability scans monthly.
• Randomized simulations to observe and educate on user security awareness pertaining to phishing, smishing, etc.
• Required security training for company personnel.
• Background checks for all employees and contractors with GTN.
  

Logging and Monitoring

• SIEM tools are used to gather and report on events and logs providing a quick response to events that are outside normal operations.
• Enhanced logging and auditing are used for accounts with advanced permissions.
• User and Event logging enabled with our PaaS and Cloud services.
• Access to data and data shares are logged, reviewed, and updated on a scheduled basis.
  

Policies and Procedures

• Policies and Procedures are reviewed with the GTN Executive Team on a regular basis.
• We have formal policies and procedures in place related to the following key areas:
  • Acceptable Use
  • Bring Your Own Device
  • Business Continuity (BC/DR)
  • Data Security
  • End User Security
  • Incident Response
  • Personal Data Standards
  • Risk Assessment
  • Shredding and Data Destruction
  • Technical Control
  • Vendor Management

Do you have questions about our privacy and security procedures?