GEP TRUST - COMPLIANCE

At GEP, compliance with industry standards and regulatory requirements is central to our operations. Our compliance framework ensures we meet the expectations of clients, regulators, and industry bodies by maintaining rigorous controls, undergoing independent audits, and continuously improving our processes.

This page outlines the certifications, policies, and ongoing initiatives that demonstrate our commitment to a secure and compliant environment.

Compliance Certifications and Standards

SOC 2 Type II

GEP has achieved SOC 2 Type II compliance, providing independent assurance of the ability to securely manage customer data through effective and consistent operation of security controls. The attestation covers critical trust service criteria: security, availability, confidentiality, and processing integrity.

SOC 1 Type II

GEP has achieved SOC 1 Type II compliance, providing independent assurance of the operating effectiveness of controls within its procurement and supply chain technology platforms — including services that support customers’ financial reporting processes.

ISO 27001

GEP’s ISO 27001 certification underscores its commitment to a robust Information Security Management System (ISMS), covering risk management, access controls, and continuous monitoring. The certification was issued by an independent, accredited body following successful completion of a formal audit process.

GDPR Compliance

GEP complies with the General Data Protection Regulation (GDPR), ensuring protection of personal data for customers in the EU and globally. Appropriate technical, physical, and organizational safeguards are in place, and data subject rights are supported as required under GDPR. Data protection and privacy considerations are embedded within system design and operations, reflecting a commitment to responsible data handling.

ISO 9001

GEP’s ISO 9001 certification reflects adherence to internationally recognized quality management principles, with a focus on customer satisfaction, operational efficiency, and continuous improvement in service delivery.

Compliance Roadmap

Compliance is a continuous journey, and GEP is committed to staying ahead of industry requirements. GEP’s compliance roadmap includes efforts to expand its certifications and align with emerging regulations. Key milestones include:

PCI DSS compliance

PCI DSS compliance is actively being pursued for the Payment Suite App module within the GEP Software portfolio. This certification represents a significant milestone, and updates will be provided as progress is made.