Security

Compliance

Certifications and Frameworks

The Gtmhub SaaS platform undergoes a regular third-party audit to certify its compliance with SOC 2 Type II – one of the most important security frameworks for software platforms.

To obtain a copy of our SOC 2 report please contact your Account Executive or our Sales team directly. A high-level version of the report, known as the SOC 3 report, is available for instant download.

Gtmhub also holds a Cyber Essentials certification - a UK government information assurance scheme operated by the National Cyber Security Centre (NCSC).

GDPR

Gtmhub is compliant with the General Data Protection Regulation (GDPR) which went into effect on May 25, 2018. The company has worked relentlessly to enhance its products, processes, and procedures, while fulfilling its obligations as a data processor.

Infrastructure

System Аrchitecture

The Gtmhub platform is designed with a multitier architecture, in order to ensure security and reliability. All services and applications are deployed in a cloud environment behind a software firewall, configured to allow only encrypted traffic. Cross-service communications use a separate private network, that is physically isolated from any public traffic.

Business Continuity and Disaster Recovery

The Gtmhub application is built with fault tolerance capability. Each of our services run on high-availability clusters that provide continued service when a system component fails.
In addition, our application is deployed in a Microsoft Azure Availability Zone, made up of multiple datacenters. They are equipped with independent power, cooling, and networking components, protecting services against single data center failures.

Data Centers

Our application is hosted and managed in Microsoft Azure secure data centers. Тhese data centers meet some of the most rigorous security standards:

• ISO 27001 and ISO 22301
• SOC 1 and SOC 2
• PCI DSS Level 1

Gtmhub’s extensive use of the capabilities and services provided by Azure Cloud increases privacy and control network access throughout our system. More information about the physical data center security is available here.

Vulnerability Scans & Penetration Testing

Gtmhub uses security tools to continuously scan its web application for security vulnerabilities. Dependencies, including third-party libraries and tools, are monitored and updated promptly when new issues are discovered. Our application undergoes regular security reviews and Penetration Testing by an independent consultant to identify potential vulnerabilities.

Data in Transit

Encryption

All web and mobile application traffic are served over encrypted connections. We enforce HTTP Strict Transport Security for all resources, including our REST API and public website. This ensures that all communication with Gtmhub assets occurs over a secure channel.

Secure connections are established only over non-vulnerable cryptographic protocols – TLS 1.2 and TLS 1.3. The Gtmhub team closely monitors the security community and is committed to promptly upgrading our services in response to the evolving threat landscape.

Data at Rest

Data Storage

Gtmhub data stores are accessible only by servers that require access. All data at rest is encrypted with AES 256 which is one of the most secure encryption protocols. To maximize protection, there is no direct connectivity between our Production, Staging and Development environments.

Backups

We maintain secure encrypted backups of client data stored for a period of 6 months. Full data backups are taken every 10 minutes to ensure Recovery Point Objective that meets client expectations considering the dynamic nature of our application.

All backups are encrypted and transferred to an external data center while preserving data residency (Europe or the United States of America) using a secure TLS connection.

Logs

Gtmhub uses a centralized logging system for both pre-production and the production environment. The logging system contains information for the healthy operation of our services and their availability. The logging system does not aggregate any client content. The collected information is used only by our staff for troubleshooting and resolving service outages.

Authentication

Single Sign-On and Password Management

All service available endpoints are secured using a third party SOC 2 Type II certified authentication vendor www.auth0.com. Authentication tokens for Single Sign-On are signed and verified with SHA-256 grade cryptographic hash function.

If password-based authentication is used, the passwords are stored in Auth0’s database encrypted with strong Bcrypt function resistant to brute-force attacks.

User roles

We provide multiple built-in user roles with different permissions levels within the product. Those include account admins, data, HCM, and regular users. Clients have the option to create custom roles with a specific permission set that suits their needs and map them to existing groups from their Active Directory.

Policies and Procedures

Gtmhub has developed a comprehensive set of security policies and procedures covering a wide range of topics. We conduct regular policy reviews, and all employees are trained accordingly. Some of the controls imposed by policies include Incident Response, Acceptable Use, HR and Personnel Security, BYOD, Data Classification, Risk Management, Vendor Management.