Information Security
This Security Statement provides information about GXA's security posture and practices.
SOC 2 Type II Attestation
GXA has obtained SOC 2 Type II attestation, confirming that our systems, processes, and internal controls meet industry-recognized standards for security, availability, and confidentiality.
This attestation demonstrates our commitment to safeguarding client data and reduces your exposure to breaches and liabilities.
Detailed SOC 2 reports are available upon request under NDA.
ISO 9001 Certification
GXA maintains ISO 9001:2015 certification, signifying our commitment to delivering high-quality products and services.
This certification ensures streamlined processes, enhanced efficiency, and increased customer satisfaction through adherence to internationally recognized quality management standards.
Information Security Policy
GXA's Information Security Policy outlines employee responsibilities and acceptable use of information system resources.
Regular reviews ensure our policies remain current and effective against evolving cybersecurity threats.
Organizational Security
Following the NIST Cybersecurity Framework, GXA implements layered security controls for identifying, preventing, detecting, and responding to security incidents.
Our approach includes continuous monitoring, vulnerability assessments, and comprehensive risk management practices.
Personnel Security
All new hires sign confidentiality agreements and affirm their understanding of GXA's code of conduct policy.
This fosters accountability and integrity throughout our organization.
Physical & Environmental Security
GXA partners with Tier 1 data center providers with stringent policies protecting against physical threats and environmental hazards.
Additional Security Controls
GXA maintains comprehensive security controls across all operational areas:
- Change Management: Structured processes for implementing system changes
- Auditing & Logging: Comprehensive activity tracking and monitoring
- Antivirus Protection: Multi-layered malware defense
- System Backups: Regular, tested backup and recovery procedures
- Network Security: Defense-in-depth network architecture
- Vulnerability Management: Continuous scanning and remediation
- Incident Management: Documented response and escalation procedures
- Data Protection: Encryption and access controls for sensitive data
- Business Continuity: Disaster recovery and continuity planning
Questions About Our Security Practices?
For more information about GXA's security practices or to request our SOC 2 report, please contact us: