Security of Infrastructure and Services

By virtue of the provision and execution of our service agreements, GITS PSF has administrator rights in order to perform the IT outsourcing, system operator activities and managed support services. Therefore, GITS PSF potentially has access to Personal Data and other confidential data related to employees, users and customers. GITS PSF commits to fully respecting the confidentiality of any Personal Data and confidential information it will have access to during any management task, intervention or processing of data on any of the systems.

GITS PSF also takes all necessary precautions to maintain the security and confidentiality of the personal data it processes, and to prevent it from being corrupted, damaged or accessed by third parties. All services GITS PSF proposes are in line with the requirements of the Commission de Surveillance du Secteur Financier (CSSF) in Luxembourg.

Confidentiality and privacy by design

This compliance is based on, but not limited to:

  • to host and manage IT systems and platforms on customer premises, on GITS PSF premises or in GITS PSF Tier IV datacentres in Luxembourg as a support PSF;
  • to have processes, prudential controls and reporting mechanisms in place such as internal and external audits that are reported to the CSSF;
  • to respect prudential rules in terms of integrity, data confidentiality and accessibility;
  • to operate under the Support PSF license 29-3 – Primary IT systems operators of the financial sector;
  • to operate under the Support PSF license 29-4 – Secondary IT systems and communications networks operators of the financial sector;
  • to provide physical security measures to prevent unauthorised persons from accessing the infrastructures which store customers’ data;
  • to manage security safeguards for ensuring the physical security of GITS PSF premises and datacentres, 24/7;
  • to manage an authorisation management system to ensure that only those persons who need to access premises and data may do so, within the limits of their responsibilities and tasks;
  • to propose physical, virtual and/or logical systems that segregate customers and data from each other (depending on the service);
  • to enforce strong user and administrator authentication processes, a strict password management policy and the use of two-factor authentication on all public-facing services.

We realise that downtime, a data breach or the loss of critical data can be disastrous to any business, reputation and brand. GITS PSF’s solutions are designed to be compliant with European regulations.

For more information about GDPR, contact us