Security and trust

A relationship of trust begins with transparency in security

Security and trust

From GlobalSUITE Solutions we believe in security as a differentiating element in the search for trust on the part of our customers. That is why our services and processes have been born taking into account this requirement since its design.

Part of this effort has crystallized in having an integrated management system that allows the governance of our processes and is certified in ISO 27001, ISO 22301, ISO 9001, ISO 20000, ISO 37001 and UNE 19601 . This framework provides us with the tools needed to address the organization’s objectives, manage risks, and define the necessary controls.

PHYSICAL SECURITY

Work centres Data centers

We have controls in our workplaces that prevent access by unauthorized personnel, both automated and face-to-face. This allows us to provide our services closely without leaving aside security.

Access by non-organizational personnel is under internal supervision, providing limited access in relation to the purpose for which they entered our facilities.

In all our centers we have physical controls that allow the detection of anomalies (CCTV systems, alarms, etc.) and react to them quickly.

To achieve a good service, GlobalSUITE ® uses three localized data processing centers that allow the provision of the service in the face of unavailability in one of them.

These data centers are internationally recognized for the quality and security in the provision of their services, having different certifications that require them to have top-notch controls for physical access to meet their commitments to ensure the security of the information that is hosted in them.

The security measures implemented range from rigorous access controls only by authorized personnel and at all times accompanied by internal personnel of the organization, to optimal management of environmental and supply conditions.

All access logs, including authorized personnel, will be available at any time and will be treated internally as a security incident within GlobalSUITE Solutions to identify the root cause and prevent its future occurrence.

INFRASTRUCTURE SECURITY

Network Security Detection and prevention
Intruders

Our security strategy in the provision of services follows the principles of defense in depth, applying controls at each of the layers that result in a robust infrastructure on which GlobalSUITE is supported®.

Following this principle, in the first instance, in addition to the controls proposed by the different service providers that connect us to the Internet, we have Perimeter firewalls to prevent unauthorized access, also allowing the segmentation of the different components into separate networks, thus improving the efficiency and security of the information.

Our infrastructure is configured in high availability,to ensure the availability of the service in the event of physical or logical breakdowns. In the same way, active monitoring of all network elements is available to ensure their proper functioning and alert to possible suspicious activities or anomalies.

As an additional protection measure, the architecture has services that enable cleanup, network routing, and filtering to manage attacks from previous layers.

Our communications network has intrusion prevention and detection systems, with probes at both the network and host level (NIDS and HIDS, respectively). This architecture allows us to identify anomalos events both on the network and on the servers used to provide our service and act automatically in the face of malicious events.

In addition, the application has an application-level firewall,or WAF, that allows you to react to requests considered malicious against known or behavior-based attacks.

The infrastructure supported by GlobalSUITE® has implemented mechanisms for the detection and prevention of intrusions, established from an IDSs architecture on Host and Network (HIDS and HIPS).

All of this is centrally managed through our information management system and security events, or SIEM, which allows us to monitor and correlate the events produced by our agents, notifying in a timely manner and viewing in real time the actions.

DATA SECURITY

Safety from design Data isolation Encryption Data privacy

The platform together with all the functionalities developed for GlobalSUITE® are the consequence of a development process that takes into account security both in the design of the product and in its functionality.

Safety is present at every stage of the system development and design cycle,from defining requirements to validations performed,internally and externally, at the production stage.

An example of this is the integration of the recommendations of the OWASP guide into the different stages that make up the aforementioned cycle, ensuring that the final product does not contain known vulnerabilities.

Segregation of our infrastructure also allows us to logically divide the storage of our customers’ data, offering an additional measure of protection in access to them.

This level of isolation allows us to ensure the confidentiality of the information of each of the customers, avoiding unauthorized access.

The tool has encryption of data in transit, protecting customer data over public networks using encryption protocols that prevent its visualization.

All connections made to GlobalSUITE® have encryption using the TLS 1.2 protocol,providing an additional level of security at the transport layer and being impossible to negotiate a version prior to it.

This level of protection is implemented on all connections, including Web Access and APIs used by the tool.

The privacy of your data is important to us, and we also know how important it is to you. That is why we consider transparency about our data collection process,the use of data and whether we could share it vital.

At GlobalSUITE® we do not access personal data or collect, store or process it for any purpose. We simply use them to offer you the best service and be able to contact you in case you need it. You can see more in our privacy policy.

The providers used for the provision of the service comply with the same security conditions as us, implementing security measures higher or equivalent to those required.

Upon termination of the organization’s contractual relationship with its customers, compliance with data retention deadlines or after a request by the customer will be made a secure destruction of the information.

OPERATIONAL SECURITY

Vulnerability management Backups and replication Business continuity Hardering servers

The organization has a vulnerability management process that allows the implementation of the different changes reported by the manufacturers, as well as configuration failures that could lead to a security problem.

This process has several input activities, such as the detection of possible vulnerabilities by our internal team,an external team that performs periodic audits or by the manufacturers themselves using the communication channels arranged for this purpose.

These reviews are managed internally,also actively analyzing all external security reports and news or communications from stakeholders that could affect the infrastructure or the correct provision of the service.

All detected vulnerabilities, regardless of the origin of these, are prioritized, identified their root cause, put in place a contingency measure as quickly as possible to avoid the possibility of vulnerability, and finally, resolved.

All data has a backup that guarantees its availability. This support process includes a variety of strategies and policies that span the entire data cycle, from its creation to its destruction

Our replication policy includes storage in relocated centers, in order to prevent the loss of availability of the same in the event of an incident that entails the impossibility of providing the service from the main CPD. Our backup policy has associated activities that aim to ensure validation and correct restoration of information on a regular basis, thus eliminating possible errors in the replication process.

In order to prevent the loss of confidentiality of backup data, all of it is encrypted using secure standards, both at source and at destination.

The organization has a business continuity management system, SGCN stands for, ISO 22301 certified, regularly audited and thus ensuring the complete updating of the various components that form it, such as the disaster recovery plan and the business continuity plan.

Each of the three CPDs that make up GlobalSUITE’s infrastructure® has power backup, temperature control, fire prevention systems; having different certifications that show the correct condition of security measures, being audited on a regular basis.

Our business continuity process also accommodates internal services for the proper functioning of GlobalSUITE®, achieving a complete service resilience.

The production of a server to execute activities within the organization has a previous stage of “Hardering” that allows us to reduce vulnerabilities derived from the default configurations.

This Hardering process is constantly evolving, in parallel with the new services and vulnerabilities of the industry, however, always guided by the good practices of the CIS (Center for Internet Security) guides.

Cookie	Duration	Description
_GRECAPTCHA	5 months 27 days	This cookie is set by Google. In addition to certain standard Google cookies, reCAPTCHA sets a necessary cookie (_GRECAPTCHA) when executed for the purpose of providing its risk analysis.
viewed_cookie_policy	1 year	The cookie is set by the GDPR Cookie Consent plugin to store whether or not the user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_dc_gtm_UA-965325-8	1 minute	No description
afl_wc_utm_cookie_expiry	3 months	No description available.
afl_wc_utm_sess_landing	3 months	No description available.
afl_wc_utm_sess_visit	3 months	No description available.
AnalyticsSyncHistory	1 month	No description
bridge_sid_Xy0yMDM3OTQ4Nzkz	2 hours	No description
bridge_uid_Xy0yMDM3OTQ4Nzkz	1 year	No description
li_gc	2 years	No description
oribi_cookie_test	session	No description
oribi_session	2 hours	No description available.
oribi_user_guid	1 year	No description available.
prism_224354013	1 month	No description
TS01ad8345	session	No description
UserMatchHistory	1 month	Linkedin - Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences.

Cookie	Duration	Description
_fbp	3 months	This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.
bscookie	2 years	This cookie is a browser ID cookie set by Linked share Buttons and ad tags.
fr	3 months	Facebook sets this cookie to show relevant advertisements to users by tracking user behaviour across the web, on sites that have Facebook pixel or Facebook social plugin.
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	These cookies are set via embedded youtube-videos.
yt.innertube::requests	never	These cookies are set via embedded youtube-videos.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_XWPV7VHQKR	2 years	This cookie is installed by Google Analytics.
_gcl_au	3 months	Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
_hjAbsoluteSessionInProgress	30 minutes	No description available.
_hjFirstSeen	30 minutes	This is set by Hotjar to identify a new user’s first session. It stores a true/false value, indicating whether this was the first time Hotjar saw this user. It is used by Recording filters to identify new user sessions.
_hjid	1 year	This is a Hotjar cookie that is set when the customer first lands on a page using the Hotjar script.
_hjIncludedInPageviewSample	2 minutes	No description available.
_hjTLDTest	session	No description available.
CONSENT	16 years 3 months 17 days 8 hours 11 minutes	These cookies are set via embedded youtube-videos. They register anonymous statistical data on for example how many times the video is displayed and what settings are used for playback.No sensitive data is collected unless you log in to your google account, in that case your choices are linked with your account, for example if you click “like” on a video.

Cookie	Duration	Description
bcookie	2 years	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser ID.
lang	session	This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.