At GRiT, we pride ourselves on the highest possible protection of our customers' personal and business data. Read more about our specific security measures.
When you choose GRiT, you are choosing secure products and a reliable link in your supply chain.
GRiT uses cloud services from industry leaders Amazon (AWS) and Microsoft (Azure) to power its SaaS solutions.
Both meet the high requirements of ISO/IEC 27002, PCI-DSS, and other international standards. This ensures maximum protection of customer data against risks posed by illegal human activity, unauthorized physical access, and natural threats.
GRiT also ensures regular third-party security testing of its cloud products in accordance with OWASP standards and utilizes geographically redundant backups to maintain high service availability even during regional data center outages.
All components and their functionality are continuously monitored using cloud-independent PRTG monitoring, allowing for the early detection of operational and security incidents.
Data within GRiT applications is accessible only to authorized users via unique login IDs and passwords. Access levels are further defined by assigned user roles and permissions. The login process itself is subject to security checks to protect against cyberattacks.
Both outgoing and incoming application traffic is encrypted via the TLS protocol and scanned for viruses.
GRiT is insured by ČSOB Pojišťovna for liability regarding damages caused to customers. Given our IT services, this includes not only general liability but also coverage for damages resulting from software malfunctions and other potential service defects.
GRiT also maintains separate cyber risk insurance with Colonnade Insurance S.A., which covers cybersecurity and data protection incidents.
All customer data is synchronized in real-time within the cloud interface to two local storage locations. Data is backed up at regular intervals to geographically redundant storage to protect against local outages.
Regarding customer personal data, GRiT acts as both a processor and a controller in accordance with legal requirements under the supervision of the regulatory authority. Lawful processing of personal data is a security priority and a fundamental standard in our relationship with customers.
GRiT, s.r.o. is certified according to the ČSN EN ISO/IEC 27001:2023 standard. Independent verification and certification are conducted by the renowned certification authority United Registrar of Systems Czech, s.r.o.
At the same time, GRiT is registered under the lower-tier obligations of the NIS2 directive for Cloud Computing in all countries where it operates, and it complies with the associated regulatory requirements for managing cyber risks and operational security.
GRiT guarantees its customers data security and protection against potential cybercrime and other breaches, misuse, or theft of personal data.
GRiT provides its employees with regular training on cybersecurity, the secure handling of sensitive data, and protection against external threats.