Security

At GamaLearn, protecting our customers’ data, privacy, and integrity is at the core of everything we do. We build trust through global certifications, strong security frameworks, and continuous compliance with international and regional standards.

Security You Can Trust.
Compliance You Can Rely On.

1. Organizational Security

Governance and Leadership: Senior management provides direction and oversight for information security and service management, ensuring alignment with business objectives and regulatory requirements.
Policy Framework: Security policies are established and maintained to protect information assets, ensure business continuity, and comply with legal, regulatory, and contractual obligations.
Continuous Improvement: Regular risk assessments, audits, and reviews are conducted to ensure the effectiveness of security controls and to drive ongoing improvements.
Roles and Responsibilities: Clear assignment of responsibilities for information security, with all users required to comply with policies and report incidents.

2. Physical Security

Facility Protection: Physical security controls are implemented to protect facilities, assets, and personnel from unauthorized access, damage, or loss. This includes perimeter security (alarms, locks, staffed reception), CCTV surveillance, and secure storage for sensitive information and equipment.
Access Control: Access to secure areas is restricted to authorized personnel, with badge issuance, visitor management, and key custody procedures in place. All access is logged and regularly reviewed.
Environmental Controls: Fire suppression, smoke detection, UPS, and power conditioning are installed in critical areas. Cables are segregated and protected, and physical assets are tagged and maintained securely.
Visitor Management: Visitors are required to sign in, display badges, and be escorted at all times in secure areas.

3. Infrastructure Security

Network Security: Network infrastructure is protected through segmentation, secure cabling, and the use of shielded and locked patch panels. Network access points are secured against unauthorized use.
System Hardening: Critical systems are protected with intrusion detection, regular maintenance, and security updates.
Monitoring: Continuous monitoring of infrastructure for suspicious activity, with regular reviews of logs and surveillance footage.

4. Data Security

Data Classification: Information is classified according to sensitivity, with controls applied based on classification (e.g., public, protected, restricted, confidential).
Data Protection: Confidential and sensitive data is stored securely, with encryption and access controls enforced. Data privacy is maintained in compliance with GDPR and PDPL.
Retention and Disposal: Data is retained according to legal and business requirements and securely disposed of when no longer needed.

5. Identity and Access Control

Role-Based Access: Access to systems and data is granted based on job roles and business needs, following the principle of least privilege.
Authentication: Strong authentication mechanisms, including multi-factor authentication (MFA), are enforced for critical systems.
Access Reviews: User access rights are reviewed regularly and upon changes in employment status. Access is revoked immediately upon termination.
Privileged Access: Privileged accounts are strictly controlled, monitored, and logged.

6. Operational Security

Process Controls: Operational procedures are documented and enforced to ensure secure handling of information and systems.
Training and Awareness: Regular security awareness training is provided to all employees, with specialized training for those handling sensitive or privileged information.
Change Management: Changes to systems and processes are managed through formal approval and testing procedures.

7. Incident Management

Incident Response: A structured process is in place for reporting, investigating, and responding to security incidents, with the goal of minimizing impact and preserving evidence.
Continuous Improvement: Lessons learned from incidents are used to enhance security controls and response procedures.

8. Responsible Disclosures

Reporting Mechanisms: Mechanisms are available for employees and external parties to report security vulnerabilities or incidents.
Cooperation: Full cooperation is provided during investigations, with a focus on limiting impact and preserving evidence.

9. Vendor Management

Supplier Controls: Vendors and third parties are required to comply with GamaLearn’s security requirements, including data protection, access control, and incident management.
Due Diligence: Security controls and compliance are assessed before onboarding suppliers, with regular reviews and audits conducted.
Contractual Obligations: Contracts include requirements for compliance with relevant laws and standards, and for notification of security incidents.

10. Customer Controls for Security

Customer Empowerment: Customers are provided with controls to manage their own data and access, including secure authentication and authorization mechanisms.
Transparency: Customers are informed about security practices and incident response processes relevant to their data and services.
Support: Dedicated support is available to assist customers with security-related inquiries and to facilitate secure integration with GamaLearn’s services.

GamaLearn’s security program is designed to ensure the confidentiality, integrity, and availability of information assets, while meeting the expectations of customers, regulators, and stakeholders.

Our approach is aligned with international standards and is subject to continuous review and improvement to address evolving threats and compliance requirements.

Certifications

Compliances