GAN is committed to ensuring the utmost security of our customers’ platform, data and users. With GAN ICM, you can rely with confidence on a secure, stable and scalable solution to operate your entire compliance program.
Secure. Stable. Scalable.
GAN Integrity delivers a scalable and extendable SaaS compliance management platform that empowers teams to operate a limitless number of compliance applications safeguarded by a best-in-class security infrastructure. Our customers’ trust and confidence are our most valuable assets, which is why the integrity and security of the platform are our highest priority.
External Platform Security
The ICM platform is hosted exclusively in secure data centers within the European Union, specifically in Ireland, with data backups in Germany. The global infrastructure of all of GAN Integrity’s data-hosting centers is designed and managed according to security best practices. All data centers are SOC 2 compliant (with a SOC 3 statement available upon request) and hold multiple ISO certifications, including ISO 9001, ISO 27001, ISO 27017, and ISO 27018.
Performance & Scalability
GAN Integrity hosts the data on external servers whose capacity can grow significantly if needed. This ensures the continuous functioning of the GAN Integrity applications and of the data on those servers.
GAN has a dedicated team working to ensure that our information security management system is in compliance with the SOC 2 Security Standard.
We take privacy and data protection very seriously and handle all customers’ data in accordance with the EU General Data Protection Regulation (GDPR), in our capacity as both a data controller and processor. GAN has planned and implemented a robust data protection compliance program, from clear delineations of controller and processor duties to staff training and data security testing.
Any processing of customer data implemented by GAN on the GAN platform is carried out exclusively in the EU.
GAN is primarily a data processor in relation to its customers, as customers create, use and ‘own’ the data hosted on the GAN platform. Nonetheless, GAN generally collects and uses customers’ personal data as a controller for two purposes: customer onboarding and technical support services pursuant to the agreement with the customer. All data is handled in line with the data processing principles found in Article 5 of the GDPR. GAN does not use personal data for its own purposes such as testing or analytics.
GAN uses a limited number of sub-processors to provide customers with its services. Sub-processors are bound to only process personal data in accordance with GAN’s instructions and do not collect or use any personal data controlled by GAN or GAN’s customers for unintended purposes.
All data, including log files, databases and storage, is always encrypted at rest and in transit, using algorithms and cipher strengths that follow industry best practice. GAN’s platform is regularly audited and tested to ensure the highest level of security.
GAN Integrity is certified under the EU-US and Swiss-US Privacy Shield. GAN also relies on adequacy decisions and standard contractual clauses to conduct transfers in accordance with Chapter 5 of the GDPR.
Availability & Disaster Recovery
GAN Integrity’s infrastructure has a high level of operational performance and enables customers to deploy a resilient IT architecture. Our systems are designed to tolerate multiple hardware failures with a minimal impact on customers.
All data is hosted exclusively on secure data centers within the European Union, with data backups in Germany, while business operations are carried out in our Copenhagen, London, and New York offices.
GAN’s platform is highly configurable, enabling customers to deploy a granular user permission model using the platform’s powerful user governance functionalities. GAN also performs regular internal penetration tests to ensure that our customers’ applications are protected against internal malicious attacks.
Single Sign-On (SSO)
The GAN platform enables its customers to simplify the sign-in experience for all users with the platform’s single sign-on (SSO) feature. Single sign-on is an authentication method that allows a user to use the same credentials to sign in to multiple applications.
GAN Integrity uses the Security Assertion Markup Language (SAML) standard for single sign-on enablement. We support the SAML 2.0 protocol, an XML-based protocol that supports service-provider-initiated web browser exchanges. Information is exchanged via tokens containing assertions: Identity Providers issue assertions to users, and Service Providers use those assertions to authenticate and authorize users.