Global Impact Assessment (GIA) Data Security Policy
Effective Date: 07/07/2024

Introduction: At Global Impact Assessment (GIA), we are committed to ensuring the security and confidentiality of the personal and professional data we collect and process. This Data Security Policy outlines the measures we have implemented to protect data from unauthorized access, breaches, and other security threats.

1. Data Security Measures:
- Encryption: We use industry-standard encryption protocols to protect data during transmission and storage. Sensitive data is encrypted using advanced encryption techniques to ensure confidentiality and integrity.
- Access Controls: We have established strict access controls to limit access to data based on the principle of least privilege. Only authorized personnel with a legitimate need to access data are granted access.
- Authentication: Multi-factor authentication (MFA) is implemented for all systems and applications to ensure that only authorized users can access data.
- Regular Security Assessments: We conduct regular security assessments, including vulnerability scans, penetration testing, and security audits, to identify and mitigate potential risks.
- Firewall Protection: Robust firewall systems are in place to protect our network from unauthorized access and cyber threats.
- Intrusion Detection and Prevention: We utilize intrusion detection and prevention systems (IDPS) to monitor network traffic for suspicious activity and respond to potential threats in real time.
2. Data Handling and Storage:
- Data Minimization: We collect and process only the data necessary for specific purposes. Unnecessary data is not collected or retained.
- Data Retention: Data is retained only for as long as necessary to fulfill the purposes for which it was collected or as required by law. Once no longer needed, data is securely deleted or anonymized.
- Secure Storage: All data is stored in secure environments with appropriate physical and technical safeguards to prevent unauthorized access and data breaches.
3. Employee Training and Awareness:
- Security Training: All employees undergo regular security training to stay informed about the latest security threats and best practices for data protection.
- Security Policies: Employees are required to adhere to our internal security policies and procedures, including guidelines for handling sensitive data and reporting security incidents.
4. Incident Response:
- Incident Response Plan: We have an established incident response plan to promptly address and mitigate the impact of any security incidents. The plan includes procedures for identifying, containing, eradicating, and recovering from incidents.
- Reporting Incidents: Employees and partners are encouraged to report any suspected security incidents or breaches immediately to our security team for investigation and response.
5. Third-Party Security:
- Vendor Management: We evaluate the security practices of third-party vendors and service providers to ensure they meet our security standards. Contracts with third parties include data protection and security clauses.
- Third-Party Audits: We conduct regular audits and assessments of third-party vendors to verify their compliance with our security requirements.
6. Compliance and Governance:
- Regulatory Compliance: Our data security practices comply with relevant data protection laws and regulations, including the General Data Protection Regulation (GDPR), the EU-U.S. Data Privacy Framework (DPF), and other applicable standards.
- Security Governance: We have a dedicated security team responsible for overseeing and implementing our data security strategy. The team regularly reviews and updates security policies and procedures to address evolving threats.
7. Continuous Improvement:
- Ongoing Monitoring: We continuously monitor our systems and processes to detect and respond to emerging security threats.
- Security Enhancements: We regularly review and enhance our security measures to stay ahead of new vulnerabilities and cyber threats.

Contact Us: If you have any questions or concerns about our data security practices, please contact us at:
client.support@globalimpactassessment.com