Security at Green Project
General Security Statement
Ensuring our customers' data security is a foundational principle at Green Project, and we devote significant attention and resources to ensuring the ongoing security of our platform and the confidentiality of the customer data we store. The following is an overview of Green Project's security posture and the key controls, policies, and procedures in place. If you have any questions regarding your company's data, or Green Project's security program in general, please don't hesitate to contact us at firstname.lastname@example.org.
Secure Development & Change Management
Green Project's software development practices are aligned with industry best practices and follow a defined software development life cycle methodology. This development process introduces security and privacy control specifications during the feature and component design and throughout the development process.
Green Project uses secure methods and protocols for transmission of all confidential or sensitive information over public networks. Databases housing customer data are encrypted at rest. Green Project uses only recommended secure cipher suites and protocols to encrypt all traffic in transit and Customer Data is securely encrypted with strong ciphers and configurations when at rest.
Green Project uses secure access protocols and processes and follows industry best-practices for authentication, including Multifactor Authentication and Single Sign on (SSO). Employee access to any production or sensitive resources requires MFA. Our Network infrastructure is securely configured to vendor and industry best practices to block all unnecessary ports, services, and unauthorized network traffic.
Green Project performs automated continuous vulnerability scanning of our environment. We also employ a suite of tools and processes to perform continuous auditing and monitoring of our infrastructure for suspected malicious activities, unpatched systems, misconfigurations, and other potential vulnerabilities.
Additionally, Green Project enforces host-based protections on all of our infrastructure and user endpoints, such as disk encryption and screen locks.
Awareness and Background Checks
Green Project conducts background checks on all employees before onboarding, and employees receive comprehensive security awareness and privacy training at hire and on an ongoing basis. All employees are required to read and acknowledge our information security policies, which include specific provisions for the protection of customer data.
Culture and Code of Conduct
Green Project has developed a code of conduct that addresses acceptable business practices, conflicts of interest, and expected standards of ethical and moral behavior, as well as employee confidentiality agreements that prohibit the inappropriate use and disclosure of customer or company information. These documents are provided to all new employees and are required to be signed prior to the employee’s start date. All employees are also required to sign an acknowledgement form that they received and agree to follow the code of conduct and confidentiality agreement.
Green Project undergoes an annual SOC 2 Type 2 audit that includes the Security and Confidentiality Trust Service Criteria. To obtain a copy of our most recent report, please reach out to your Green Project account representative.
In the event of a security breach, Green Project will promptly notify impacted users of any actual or suspected unauthorized access to their systems and data. Green Project has developed detailed response policies and associated procedures and staff are assigned to respond to events and incidents.
Green Project is fully compliant with GDPR, and maintains carefully-designed internal policies and controls to ensure that EU and UK persons' data are collected and processed lawfully.
Data Subject Access Requests
To learn more about submitting a DSAR, or for other privacy-related information pertaining to EU and UK persons, please visit our GDPR Page