Transparency in our security practices and policies is the foundation for a relationship of trust. This page serves as your resource for information on our security, compliance and privacy efforts.
Our Approach to Security
Graebel has an Information Security program designed to provide a holistic approach inclusive of technology, procedures, and controls to take proactive steps that stay ahead of data protection and privacy trends.
Our focus on people first-mobility drive our commitment to protecting our clients’ data and continually reevaluating the data compliance and security measures we’re taking to ensure they meet and exceed industry standards.
- Security – We deliver a robust security program in our product and corporate environments by elevating our people, instilling secure processes, and protecting technology.
- Compliance – We intentionally designed our security program aligning to the security frameworks and it is third-party assured by an independent auditing firm.
- Privacy – Our privacy program provides transparency on how we collect, use, disclose, transfer, and store customer information.
Our solutions are built to maintain confidentiality, integrity, and availability to protect our application and customer data. Our secure software development lifecycle is infused from architecture to production.
- Secure Development from the Start – Security is embedded in our Software Development Lifecycle and considered from the project planning stage, throughout the development process, and beyond as product improvements are deployed.
- Ongoing Security Awareness Training – Continuous security training is mandatory for all employees, including developers.
- Code Reviews – Manual code reviews are conducted to ensure that applications are both functional and secure.
- Automated Application Security Testing – Automation tools are used to test our products and code to discover vulnerabilities prior to going live.
- Security Risk Assessments – Security assessments are performed at the earliest stage of a project to evaluate risk treatment plans before work begins.
Our corporate environment is designed to support the company’s people-first commitment and meet the needs of today’s highly mobile workforce. Our dedicated internal team of experts works continuously to improve our threat-mitigation practices to protect Graebel’s infrastructure so we can deliver exceptional experiences to our clients.
- Zero Trust – Our team continuously evaluates multiple contextual data points to provide secured access and least privilege to our systems.
- Mobile Device Management – End-user devices are centrally managed to ensure all devices are compliant to corporate controls and policies.
- Threat Management – Diagramming and visualizing system components, data flows and security boundaries is used to identify threats allowing for corporate risk mitigation.
Governance, Risk, and Compliance
- Governance Framework – Governance is the foundation for building our security program to accomplish and meet all objectives in our security program, regulatory requirements and ethical guidelines.
- Security Risk Management – Our risk management program establishes roles and accountability for managing, monitoring and improving our security and business practices.
- Organization Compliance – Security policies and control frameworks are regularly audited by our internal security staff and external third-party auditors.
Third-party assured to earn your trust
Graebel models our security program around the industry best practices and framework of System and Organizational Controls (SOC). We maintain a SOC 2 Type 2 compliance program designed around security, availability and confidentiality. If you are a customer, or in the process of becoming a customer, we are happy to provide this report upon request.