Security
Protecting customer data is a top priority at Gtmhub. We understand that you are trusting us with your most valuable asset, your corporate data, and we are sincerely committed to securing it.
Compliance
Certifications and Frameworks
The Gtmhub SaaS platform undergoes a regular third-party audit to certify its compliance with SOC 2 Type II, one of the most important security frameworks for software platforms.
To obtain a copy of our SOC 2 report, please contact your Account Executive or our Sales team directly. A high-level version of the report, known as the SOC 3 report, is available for instant download.
Gtmhub also holds a Cyber Essentials certification, a UK government information assurance scheme operated by the National Cyber Security Centre (NCSC).
GDPR
Gtmhub is compliant with the General Data Protection Regulation (GDPR), which went into effect on May 25, 2018. The company has worked relentlessly to enhance its products, processes, and procedures while fulfilling its obligations as a data processor.
Infrastructure
System Architecture
The Gtmhub platform is designed with a multitier architecture to ensure security and reliability. All services and applications are deployed in a cloud environment behind a software firewall configured to allow only encrypted traffic. Cross-service communication uses a separate private network that is physically isolated from any public traffic.
Business Continuity and Disaster Recovery
The Gtmhub application is built with fault tolerance capability. Each of our services runs on a high-availability cluster that provides continued service when a system component fails.
In addition, our application is deployed in a Microsoft Azure Availability Zone made up of multiple datacenters. These are equipped with independent power, cooling, and networking components, protecting services against single data center failures.
Data Centers
Our application is hosted and managed in Microsoft Azure secure data centers. These data centers meet some of the most rigorous security standards:
- ISO 27001 and ISO 22301
- SOC 1 and SOC 2
- PCI DSS Level 1
Gtmhub’s extensive use of the capabilities and services provided by Azure Cloud increases privacy and control over network access throughout our system. More information about the physical data center security is available here.
Vulnerability Scans & Penetration Testing
Gtmhub uses security tools to continuously scan its web application for security vulnerabilities. Dependencies, including third-party libraries and tools, are monitored and updated promptly when new issues are discovered. Our application undergoes regular security reviews and penetration testing by an independent consultant to identify potential vulnerabilities.
Data in Transit
Encryption
All web and mobile application traffic is served over encrypted connections. We enforce HTTP Strict Transport Security for all resources, including our REST API and public website. This ensures that all communication with Gtmhub assets occurs over a secure channel.
Secure connections are established only over TLS 1.2 and TLS 1.3; older protocol versions are not offered. The Gtmhub team closely monitors the security community and is committed to promptly upgrading our services in response to the evolving threat landscape.
Data at Rest
Data Storage
Gtmhub data stores are accessible only by the servers that require access. All data at rest is encrypted with AES-256, one of the most widely trusted encryption algorithms. To maximize protection, there is no direct connectivity between our Production, Staging, and Development environments.
Backups
We maintain secure, encrypted backups of client data, retained for a period of 6 months. Full data backups are taken every 10 minutes to achieve a Recovery Point Objective (RPO) that meets client expectations, given the dynamic nature of our application.
All backups are encrypted and transferred over a secure TLS connection to an external data center while preserving data residency (Europe or the United States of America).
Logs
Gtmhub uses a centralized logging system for both the pre-production and production environments. The logging system contains information about the healthy operation of our services and their availability. It does not aggregate any client content. The collected information is used only by our staff for troubleshooting and resolving service outages.
Authentication
Single Sign-On and Password Management
All available service endpoints are secured using a third-party, SOC 2 Type II certified authentication vendor, Auth0 (www.auth0.com).
Authentication tokens for Single Sign-On are signed and verified using the SHA-256 cryptographic hash function.
If password-based authentication is used, passwords are stored in Auth0’s database hashed with the Bcrypt function, which is resistant to brute-force attacks.
User roles
We provide multiple built-in user roles with different permission levels within the product. These include account admins, data, HCM, and regular users. Clients have the option to create custom roles with a specific permission set that suits their needs and map them to existing groups from their Active Directory.
Policies and Procedures
Gtmhub has developed a comprehensive set of security policies and procedures covering a wide range of topics. We conduct regular policy reviews, and all employees are trained accordingly. Areas covered by these policies include Incident Response, Acceptable Use, HR and Personnel Security, BYOD, Data Classification, Risk Management, and Vendor Management.