At GlobalSuite Solutions, we have a Trust Management Program based on the principles of the security standards in which we are certified. This program guides how we define, implement, and continuously improve our security controls. It consolidates the security needs of our customers, regulatory requirements, and international best practices, adapting them to our technological and operational environment.
Our Trust Management Program is structured around the following pillars:
Policy Management Program
Our Policy Management Program forms the foundation of our security framework.
It includes a set of policies and standards covering the domains established in regulations such as ISO 27001, ENS, and sector-specific reference frameworks.
- All policies are internally accessible to ensure that teams are aware of their responsibilities.
- We conduct a formal review at least annually, and whenever new risks, threats, or regulatory changes arise that require adaptation.
- These policies support the definition of technical, organizational, and procedural controls applied in our services and internal processes.
Risk Management Program
We conduct continuous risk assessments to identify threats, measure impacts, and ensure that the implemented controls are effective.
- The assessments cover both technical risks (e.g., code reviews, configuration, architecture, or vulnerabilities) and business risks.
- As part of our Corporate Risk Management Program, we conduct a comprehensive annual assessment and execute mitigation plans that are periodically reviewed.
- The program is complemented by periodic meetings and automated compliance reviews that enable continuous monitoring of the security status.
Privacy at GlobalSuite Solutions
We have a corporate Privacy Program with a global scope, integrating principles of transparency, accountability, and privacy by design.
Our key commitments include:
- Transparency: We have clear and updated policies on privacy, information processing, and relationships with processors and sub-processors.
- International transfer assessments: We conduct impact assessments for data processing activities where we consider it necessary based on the estimated risk.
- Access controls and training: Staff only access personal information when strictly necessary, are trained in data protection, and are subject to confidentiality obligations.
- Data subject rights: We provide tools that allow our customers to address requests for access, rectification, deletion, and other regulated rights.
- Updates and notifications: We communicate relevant changes to our policies or the list of sub-processors.
Internal and External Audits
We conduct periodic internal and external audits to evaluate the effectiveness of our controls and ensure compliance with applicable standards and regulations:
- Annual external audits associated with certifications (ISO, ENS, SOC 2, etc.).
- Operational internal audits in high-risk areas.
- Review of results by Management and continuous improvement processes derived from them.