GTN Privacy and Security

Compliance

• GTN is in compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and, as applicable, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF). We are on the authoritative DPF list that is maintained by the US Department of Commerce and is made available to the public on their website located here: https://www.dataprivacyframework.gov/s/participant-search.
• We partner with VeraSafe, a well-established and respected organization to ensure we are up to date on global data security matters (e.g., General Data Protection Regulation (GDPR) readiness) and that our web-based tools are secure.
• We complete an annual SOC 2 Type 2 audit, and the most recent audit report is available by contacting privacy@gtn.com.
• We monitor updates to laws as well as guidance issued by authorities and subject matter experts to confirm our data processing activities are fully compliant with applicable privacy laws.
• Periodic updates are made to our policies and agreements with third parties (e.g., we update our internal procedures and our Data Processing Addendums whenever necessary due to significant developments in data protection laws and regulations that apply to our business operations).

Security

• To provide additional, high-level security, we have implemented Next Gen Firewall, Anti-Malware, and Intrusion Protection System tools; Multi-Factor Authentication, Encryption Solutions, and Email Management Security Services with advanced Spam and Virus protection capabilities including “Threat Emulation” and URL analysis.
• Our third-party security consultant completes annual internal, external, and application-level vulnerability and penetration assessments. Our consultant also conducts external vulnerability scans monthly.
• Randomized simulations to observe and educate on user security awareness pertaining to phishing, smishing, etc.
• Required security training for company personnel.
• Background checks for all employees and contractors with GTN.
  

Logging and Monitoring

• SIEM tools are used to gather and report on events and logs providing a quick response to events that are outside normal operations.
• Enhanced logging and auditing are used for accounts with advanced permissions.
• User and Event logging enabled with our PaaS and Cloud services.
• Access to data and data shares are logged, reviewed, and updated on a scheduled basis.
  

Policies and Procedures

• Policies and Procedures are reviewed with the GTN Executive Team on a regular basis.
• We have formal policies and procedures in place related to the following key areas:
  • Acceptable Use
  • Bring Your Own Device
  • Business Continuity (BC/DR)
  • Data Security
  • End User Security
  • Incident Response
  • Personal Data Standards
  • Risk Assessment
  • Shredding and Data Destruction
  • Technical Control
  • Vendor Management

Do you have questions about our privacy and security procedures?