The Global Challenge (formerly known as GCC) understands that many of our clients operate in tightly regulated industries and need to comply with stringent security and privacy standards.

That’s why we have successfully achieved certification against the International Standards Organization (ISO) requirements governing information security best practice and been independently audited by global auditing body, BSI Group. We are proud to be ISO 27001:2013-certified, which is a clear sign of our commitment to protecting your information.


The Global Challenge (formerly known as GCC) is designed to make it easy to roll out in your organization. It’s delivered online and there’s no special software to download and install and we look after all of the technical and environmental aspects of the program for you. An integral part of this management is looking after the security of the online platform and environment, so you can be comfortable knowing that your data is in safe hands.

While it is ultimately up to any participating organization to evaluate the Global Challenge (formerly known as GCC) offering against their own requirements and specific constraints to determine if our service satisfies your needs, we are committed to being fully transparent regarding the security controls in place to safeguard your data and our approach to compliance from an information security perspective.

If you are interested in reviewing our full response to information security questions, including a detailed mapping of the Global Challenge’s application and infrastructure security controls to those set out in the ISO 27002 controls, you can request a copy of our Standard Response to Request for Information package.

ISO 27001:2013 Certification

ISO/IEC 27001

The Global Challenge (formerly known as GCC) is certified against ISO/IEC 27001:2013, a robust and comprehensive global information security standard. Meeting this international standard validates that Global Challenge has implemented best practice information security controls, including requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an Information Security Management System (ISMS) within the context of the organization's overall business risks.

BSI Group, an independent third-party auditor, has verified that the Global Challenge (formerly known as GCC) fulfils the standard’s requirements through controls and protocols in place around the following comprehensive security control areas, as set forth in the standard:

  • Security policy
  • Organization of information security
  • Asset management
  • Human resources security
  • Physical and environmental security
  • Communications and operations management
  • Access control
  • Information systems acquisition, development and maintenance
  • Information security incident management
  • Business continuity management
  • Compliance

View a copy of our ISO/IEC 27001:2013 certificate.


Our Privacy Statement describes the specific privacy policy and practices that govern our storage, processing, and use of your information.

Verified international privacy practices


We understand that data is not bound by the same geographical restrictions as in the past and privacy practices need to be aligned with international best practice, as well as global data protection legislation.

The Global Challenge (formerly known as GCC) complies with all applicable data protection and privacy legislation of the countries in which we conduct business and where we engage in the collection, processing, storing, and transfer of information from participants. This includes being registered as a Data Controller under the ICO Data Protection Register (registration number: Z3513447) and self-certifying to the EU-U.S. Privacy Shield.

The Global Challenge (formerly known as GCC) has additionally been independently audited and awarded TRUSTe's Privacy Seal, signifying that our privacy policy and practices across our web platform, mobile apps, and email communications have been reviewed by TRUSTe for compliance with TRUSTe's program requirements, including transparency, accountability and choice regarding the collection and use of your personal information.

US-EU Privacy Shield

Safe Harbour

We comply with the US-EU Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from customers in the European Union member countries. We have certified adherence to the Privacy Shield Principles of notice, choice, and accountability for onward transfer, security, data integrity and purpose limitation, access, recourse, enforcement and liability. To learn more about the Privacy Shield program, and to view our certification, please visit

The Federal Trade Commission (FTC) has jurisdiction over our compliance with the Privacy Shield.