GFoundry Governance Framework for Information Security

Legal · Information Security

Information Security & Governance

Updated October 17, 2023Responsible entity GFoundry Lda

GFoundry is a platform that many companies use, and it takes data security very seriously. This document explains how GFoundry makes sure that data is safe for all its users.

1Multi-company (multi-tenant)

GFoundry is a Multi-Company (Multi-Tenant) product, serving diverse organizations. Our governance framework ensures robust information security across multiple companies and tenants. This involves the implementation of role-based access controls, data isolation practices, and stringent security measures to prevent unauthorized access to each company’s sensitive data.

2Software as a Service (SaaS)

As a SaaS platform, GFoundry recognizes that security is a shared responsibility between our platform and our valued users. Our framework defines clear roles and responsibilities for both parties in ensuring the utmost data security. This encompasses data encryption, authentication protocols, and strict adherence to industry standards.

3Integration with existing platforms

GFoundry seamlessly integrates with various platforms, including ERP systems and communication applications. Our governance framework ensures the secure import and export of data between these systems. Stringent protocols for data encryption and authentication are incorporated into our integration processes to safeguard your information.

4Gamification and user data

GFoundry utilizes gamification and collects user data to enhance engagement and offer rewards. Our governance framework encompasses comprehensive data privacy policies, user consent mechanisms, and data retention policies to safeguard the privacy and rights of our users.

5Community aggregation and communication

To facilitate internal communication and community aggregation, our framework specifies robust security measures. We address user access controls, content moderation strategies, and mechanisms to prevent unauthorized access to community groups, fostering a secure and engaging environment.

6Engagement thermometer and organizational climate monitoring

Certain features of GFoundry collect sensitive feedback data. Our framework outlines stringent practices for anonymizing, securely storing, and responsibly utilizing this data to drive organizational improvement. This is achieved without compromising the privacy and confidentiality of user information.

7Compliance and auditing

We are committed to compliance with relevant regulations, including but not limited to GDPR. Our governance framework incorporates robust auditing procedures to ensure consistent adherence to security measures. Regular security assessments and vulnerability scans are conducted to uphold the highest standards of data security.

8Incident response and reporting

In the event of a security incident, our governance framework provides clear and comprehensive guidelines for reporting, investigating, and mitigating the incident. We have defined communication channels for notifying affected parties promptly, ensuring transparency and accountability in addressing security concerns.

9Compliance documents (available on request)

As part of our ongoing commitment to transparency, security, and legal compliance, GFoundry maintains a comprehensive and up-to-date set of documents covering compliance, information security, privacy, and auditing. These include internal policies, independent audit reports (SOC 1, SOC 2, SOC 3, and Google’s C5 certification), legal agreements, and training procedures.

Legal and contractual

  • Licensing Agreement
  • Terms of Service
  • Confidentiality Agreement with Google (NDA)
  • Service Level Agreement (SLA)
  • Data Processing Addendum with OpenAI (DPA)

Data protection and compliance

  • Privacy Policy
  • Cookie Policy
  • Gi Learning Service Privacy Policy
  • GDPR Compliance Measures
  • AI Compliance Statement
  • GiBot Security Overview

Google certifications and audits

  • SOC 1, SOC 2 and SOC 3 Reports
  • C5 Certification (Cloud Compliance – BSI)

Information security

  • Cryptographic Key Management Policy
  • Incident Governance Framework
  • Quality and Security Policies
  • Access and Authentication Policy

Ethics and governance

  • Code of Ethics and Conduct

Training and procedures

  • Employee Training Procedure
  • Client Training Procedure

Technical architecture

  • Services Overview
  • Detailed Architecture Description

These documents can be shared upon request. If you would like to review any of them, contact [email protected] specifying which documents you would like to receive.

↑ Back to top