ISO-27001 CERTIFIED SECURITY FOR YOUR PEACE OF MIND
The Global Challenge (formerly known as GCC) is designed to be easy to roll out in your organization. It’s delivered online, there’s no special software to download and install, and we look after all of the technical and environmental aspects of the program for you. An integral part of this management is looking after the security of the online platform and environment, so you can be comfortable knowing that your data is in safe hands.
While it is ultimately up to each participating organization to evaluate the Global Challenge (formerly known as GCC) offering against its own requirements and specific constraints to determine whether our service satisfies its needs, we are committed to being fully transparent regarding the security controls in place to safeguard your data and our approach to compliance from an information security perspective.
If you are interested in reviewing our full response to information security questions, including a detailed mapping of the Global Challenge’s application and infrastructure security controls to those set out in the ISO 27002 controls, you can request a copy of our Standard Response to Request for Information package.
ISO 27001:2013 Certification
The Global Challenge (formerly known as GCC) is certified against ISO/IEC 27001:2013, a robust and comprehensive global information security standard. Meeting this international standard validates that Global Challenge has implemented best practice information security controls, including requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an Information Security Management System (ISMS) within the context of the organization's overall business risks.
BSI Group, an independent third-party auditor, has verified that the Global Challenge (formerly known as GCC) fulfils the standard’s requirements through controls and protocols in place around the following comprehensive security control areas, as set forth in the standard:
- Security policy
- Organization of information security
- Asset management
- Human resources security
- Physical and environmental security
- Communications and operations management
- Access control
- Information systems acquisition, development and maintenance
- Information security incident management
- Business continuity management
Verified international privacy practices
We understand that data is not bound by the same geographical restrictions as in the past and privacy practices need to be aligned with international best practice, as well as global data protection legislation.
The Global Challenge (formerly known as GCC) complies with all applicable data protection and privacy legislation of the countries in which we conduct business and where we engage in the collection, processing, storing, and transfer of information from participants. This includes being registered as a Data Controller under the ICO Data Protection Register (registration number: Z3513447) and self-certifying to the EU-U.S. Privacy Shield.
US-EU Privacy Shield
We comply with the US-EU Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from customers in the European Union member countries. We have certified adherence to the Privacy Shield Principles of notice; choice; accountability for onward transfer; security; data integrity and purpose limitation; access; and recourse, enforcement and liability. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov.
The Federal Trade Commission (FTC) has jurisdiction over our compliance with the Privacy Shield.