Data security
We secure your data by following the highest standards
Managing non-financial data with thousands of inputs is not an easy task.
These are the fundamental principles we employ to manage your data and security.

Security compliance and accreditation
Compliance with laws, regulations, and international standards
nFADP
Generation Impact Global complies with nFADP by establishing clear data handling policies, securing data with encryption, and limiting access to authorised individuals only. We provide users with control over their data, including rights to access, correct, and delete their information.

GDPR
Generation Impact Global complies with GDPR by obtaining explicit consent for data collection, providing transparency in data usage, and enabling users to exercise their rights to access, delete, or move their data. We apply data protection measures, including encryption, and adhere to strict data transfer protocols.
ISO/IEC 27001:2022
We take cybersecurity seriously, following universal security protocols to protect our customers and their data. Our ISO certification reflects our commitment to maintaining the highest standards, safety, and compliance with globally recognized best practices.

Cloud Security
Data center and physical security
Generation Impact Global’s platform hosts customer data across multiple Microsoft Azure data centers: Switzerland North, France Central.
We partner with Microsoft Azure for cloud infrastructure. Azure’s data centers adhere to strict security standards, including physical security protocols like surveillance, access control, and disaster recovery measures. We conduct regular risk assessments of Azure’s services to ensure they meet our security and compliance requirements.
Azure Global Infrastructure
Network security

Dedicated security team
Generation Impact Global has a comprehensive security program led by a dedicated team and a Chief Information Security Officer (CISO). Our team is responsible for overseeing all security practices, compliance with industry standards, and addressing emerging threats.
Network vulnerability scanning
Generation Impact Global uses internal security tools to conduct weekly vulnerability scans on all production environments. We also perform external network scans as part of our routine security practices.
Third-party penetration tests
At Generation Impact Global, we prioritize security by working with a trusted third-party firm to conduct annual penetration testing and vulnerability assessments. This helps us stay ahead of potential risks and keep our systems strong and reliable.
DDoS mitigation
Generation Impact Global employs Azure DDoS Protection services and integrates Cloudflare and Web Application Firewalls (WAF) to safeguard our cloud environment from Distributed Denial of Service (DDoS) attacks.
Security incident response
Generation Impact Global has a detailed Incident Response Policy that includes procedures for identification, notification, and remediation of security incidents. The policy is tested annually, and our security team actively monitors potential threats.
Encryption

Encryption in transit
Generation Impact Global uses TLS 1.2 and TLS 1.3 for secure communication with digital certificate identification. We also utilize HTTP Strict Transport Security (HSTS) to enforce secure connections and protect against man-in-the-middle attacks.
Encryption at rest
At Generation Impact Global, we keep customer data safe by encrypting it with AES 256-bit technology—one of the most advanced security standards. This ensures that sensitive information stays protected, even when stored.
Availability and continuity

Uptime
Generation Impact Global provides real-time status updates through our platform. As outlined in our Service Level Agreements (SLAs), we are committed to maintaining a 99.5% uptime for all customer-facing services.
Disaster recovery
Generation Impact Global is built for reliability, with high availability and disaster recovery in place. By leveraging Azure’s infrastructure, we ensure business continuity even in unexpected situations.
Platform security at every stage of development and deployment
End-to-end security, compliance, and resilience across every stage of development and deployment.

Secure development life cycle

Secure code training
Generation Impact Global mandates security training for all employees with system access, covering topics like policies, confidentiality, acceptable use, and social engineering. Training is conducted during onboarding and annually thereafter.
Framework security controls
We utilize secure frameworks with built-in protections against OWASP Top 10 risks, such as SQL Injection (SQLi), Cross-Site Scripting (XSS), and Cross-Site Request Forgery (CSRF), ensuring secure code practices.
Quality assurance
We follow a strict change control process to ensure every update is thoroughly tested for system performance, integration, and security. Security is built into every stage of our product development, addressing key risks like session management, input validation, and encryption to keep our platform safe and reliable.
Separate environments
Development and testing environments are isolated from production to minimize risks, following segregation of duties principles for enhanced security.
Vulnerability management

Dynamic vulnerability scanning
Generation Impact Global utilizes a Dynamic Application Security Testing (DAST) tool for scheduled vulnerability scanning of applications. Additionally, security testing is incorporated into the Software Development Lifecycle (SDLC) to address risks proactively.
Static code analysis
We employ Static Application Security Testing (SAST) tools to regularly scan application code for potential vulnerabilities. Secure code reviews are integrated into the SDLC to identify and address weaknesses effectively.
Third-party penetration testing
In addition to internal testing, Generation Impact Global engages independent security firms to conduct penetration testing and vulnerability assessments annually.