Technical and Organizational Measures at G & Co.

‍G & Co. is committed to ensuring that all of our security and privacy practices comply with relevant local and international laws and regulations. We tailor our approach to meet the specific legal requirements of each project, ensuring adherence to frameworks such as GDPR, CCPA, and other applicable data protection laws. Our internal processes are designed to stay up to date with evolving legal standards, and we work closely with legal advisors to ensure that our security measures align with regulatory requirements. We also implement contractual safeguards and compliance audits as necessary to ensure that all aspects of our operations meet these standards.

‍Security Governance Structure
‍G & Co. has established a project-specific security governance approach by appointing security leads for each engagement. This ensures that security practices align with the unique requirements of each project, while maintaining the integrity of internal systems.

‍Internal Policies and Documentation
‍G & Co. has implemented a comprehensive set of internal security guidelines, including an IT Code of Conduct, security protocols for project management, and data access control policies. These documents are audited internally on a project-by-project basis to ensure compliance and the security of our systems.

‍Employee Security Training and Awareness
‍To maintain a high level of security consciousness across the organization, G & Co. conducts annual security and privacy training programs. Employees are trained in recognizing and handling security threats such as phishing attempts and are regularly updated on the latest security best practices.

‍Software Development Process
‍G & Co.'s software development process is focused on creating secure and scalable solutions for our clients. Although we do not process sensitive client data directly, we incorporate industry best practices into our software development lifecycle to ensure that all systems we design and develop meet high standards of security, reliability, and performance. Our development practices include rigorous code reviews, vulnerability testing, and secure coding methodologies. Additionally, our development teams work closely with clients to ensure that the software aligns with their security requirements and supports the integrity of their sensitive information.

‍Use of Information and Information Technology Devices
‍While we do not handle or process sensitive client data directly, we maintain strict internal policies governing the acceptable use of information and IT devices for our employees and contractors. These policies ensure that all information related to our projects is accessed, stored, and transmitted in a secure manner. All employees are required to adhere to guidelines that limit access to internal systems and project information based on role-specific needs. The use of IT devices is governed by security protocols that enforce strong authentication methods, data encryption, and secure communication channels to maintain the integrity of the systems we develop.




‍Data Transmission Safeguards

During Transfer
Any communication related to sensitive project information is secured with industry-standard encryption protocols, ensuring the confidentiality of data in transit.

‍Storage Security
While G & Co. does not store sensitive client data, all internal data is encrypted in storage. For project-related information, we follow best practices for data encryption to ensure the safety of our systems.


‍Access Control Measures

Cloud Infrastructure
G & Co. collaborates with cloud providers such as Microsoft Azure, AWS, and Google Cloud to securely host project infrastructure. We rely on vendor-provided security measures and compliance programs to ensure adherence to applicable regulations.

‍Physical Security of Internal Systems
All G & Co. office environments and internal systems are protected by physical access control measures. While we do not handle sensitive client data, we ensure internal systems are safeguarded through security protocols.

‍User Authentication and Access
We implement multi-factor authentication (MFA) and a stringent password policy to secure internal access to project data. Access rights are assigned based on role-specific requirements, and access is revoked when no longer needed.

‍Authorization Control
Access to systems is restricted based on the "need-to-know" principle. Requests for access are processed formally, and authorization is revoked when no longer necessary, ensuring that only appropriate personnel have access to project-related systems.

‍Network Protection
G & Co. employs network access controls to safeguard internal systems. These include security measures tailored to each project’s requirements, such as firewalls and other preventative tools to block unauthorized traffic.

‍Intrusion Prevention
G & Co. implements necessary intrusion detection and prevention systems to secure any environments developed for clients, ensuring ongoing protection.


‍System and Vulnerability Testing
‍
‍G & Co. conducts vulnerability assessments of its internal systems on a project basis to ensure that they are secure and free from weaknesses. This testing is performed with industry-standard tools to safeguard internal and project-specific environments.

‍Code of Conduct Compliance
All employees at G & Co. adhere to the company’s IT Code of Conduct, which includes strict security and ethical standards, as well as non-disclosure agreements that protect the integrity of internal systems.


‍Monitoring and Incident Reporting

Activity Monitoring
Our internal infrastructure logs system behavior and tracks activity across networks. This data is monitored to detect any anomalies or unusual activity that could indicate a security issue.

‍Incident Tracking and Reporting
Any incidents affecting internal systems are tracked and documented, including key details such as time, description, and resolution steps. G & Co. takes all necessary steps to minimize impact and will notify clients of relevant incidents based on project agreements.


‍System Uptime and Data Management

System Availability
G & Co. ensures the availability of its internal infrastructure to meet project requirements, maintaining high service continuity across our systems.

‍Storage Procedures
Internal data retention and deletion processes follow our established security protocols. All storage devices used for internal or project data are managed securely within our framework.


‍Addressing Non-Compliance
‍
‍At G & Co., all employees, contractors, and vendors are responsible for adhering to applicable security policies and privacy regulations. Any suspected or confirmed violations must be reported to internal security leads. Clients are notified when required, based on specific project terms.


‍Project-Specific Security Enhancements
‍
‍G & Co. tailors security measures to meet the specific needs of each project, ensuring flexibility and responsiveness to client requirements.

When you visit or log in to our website, cookies  and similar technologies may be used by our online data partners or vendors to associate these activities with other personal information they or others have about you, including by association with your email or home address.  We (or service providers on our behalf) may then send communications and marketing to these email or home addresses.  You may opt out of receiving this advertising by visiting

‍https://app.retention.com/optout