
Security & Privacy Overview

With the responsibility of handling visibility and execution data for global supply chains, Gnosis Freight is committed to the security and protection of customer and partner data, as well as our platform and infrastructure. Gnosis Freight implements comprehensive policies, practices, and controls as part of its enterprise security program.

Governance

Our governance is founded on four primary principles:

  • Access should be limited to only those with a legitimate business need and granted based on the principle of least privilege.
  • Security controls should be implemented and layered according to the principle of defense-in-depth.
  • Security controls should be applied consistently across all areas of the enterprise.
  • The implementation of controls should be iterative, continuously maturing across the dimensions of improved effectiveness, increased auditability, and decreased friction.

Security and Compliance

Gnosis Freight is proud to maintain SOC 2 Type II certification, reflecting its commitment to stringent security standards. Our SOC 2 Type II report can be requested by emailing: [email protected].

Data Protection

We prioritize data protection, both at rest and in transit. All datastores and S3 buckets containing customer data are encrypted at rest. For data in transit, we employ TLS 1.2 or higher to ensure secure data transmission over networks. Encryption keys are managed securely via AWS Key Management Service (KMS), and application secrets are encrypted and stored securely via AWS Secrets Manager and Parameter Store.

Enterprise Security

We enforce comprehensive security measures across all corporate devices, which are centrally managed and equipped with mobile device management software and anti-malware protection. Vendor security is assessed using a risk-based approach, considering factors such as access to customer and corporate data, integration with production environments, and potential impact on the Gnosis Freight brand.

Security Education

Gnosis Freight is committed to fostering a security-conscious culture. We provide comprehensive security training to all employees upon onboarding and annually thereafter. Regular threat briefings are shared to keep our team informed of critical security updates.

Identity and Access Management

We use Microsoft for secure identity and access management, enforcing phishing-resistant authentication factors. Employee access to applications is role-based and is automatically revoked upon termination of employment.

Data Privacy

At Gnosis Freight, data privacy is a top priority. We continuously monitor updates to regulatory and emerging frameworks to ensure our compliance. View our Privacy Policy.