Information Security

Our stringent policies regarding the security and privacy of data ensure protection from both internal and external threats.

Graebel’s data security and data privacy policies are vetted by the corporate security steering committee, and ensure data protection from both internal and external threats. As a global company, we are in compliance with U.S. and international data protection laws.

The Graebel privacy policy does not allow any information to be shared with any party except those that are germane to the work that must be performed and are authorized accordingly.

  • Graebel currently follows ISO/IEC 17799 standards
  • All data protection and privacy laws in other countries are covered by making our policies effective globally
  • We comply with the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal information from the European Union member countries and Switzerland

We take deliberate steps to safeguard the personal information of our clients and their assignees’ proprietary information.

 

Physical/Logical Security

  • All access to personally identifiable information (PII) is restricted at the database level. Data is logically sequestered in hardened database systems and access to specific data is only permitted to appropriate personnel
  • TRUSTe has found that the Graebel website is compliant with security protocols
  • Privacy data fields are encrypted within the database using triple DES encryption algorithms

 

Personnel Security Enforcement

  • Employees and suppliers must sign strictly enforced confidentiality and non-disclosure statements, and are vetted by Graebel to verify they adhere to our strict business practices around data privacy security (secure transmission, storage and disposal of information)
  • All employees are required to undergo security and privacy awareness training annually
  • Suppliers are required to sign restrictive agreements outlining their use of personally identifiable information and their data access is limited to that which is required to conduct business as approved by the client and/or its relocating employee

 

Business Practices and Audits

  • Optiv, an external third party, performs quarterly security audits and penetration attacks to ensure our software and hardware are secure and compliant with our clients’ security and privacy needs
  • Physical documents are subject to the clear workspace/clear screen policy and such documents are only available to those employees who directly process PII
  • Due to the volume of activity within the financial sector and other extremely data-sensitive industries, Graebel constantly strives to meet and/or exceed industry standards.