As custodian of your data, GRESB is committed to data security. Beyond technological considerations and standards, we express this commitment in our operational practices and terms & conditions.
This section highlights some of GRESB’s most important efforts.
IT security standards
- All data & connections are encrypted with HTTPS/TLS. Following best practices in HTTPS, GRESB Portal maintains an A Rating.
- High security standard in all IT security aspects, covering upstream firewalls, regular security audits and other best practices.
- Data & source code is only accessible if physically located in the GRESB (Amsterdam) or Green River (Vermont, USA) office
Operational security standards
- All access and editing rights are separately controlled by task & assessment line. Individual rights only granted to employee if needed for specific task
- Mandatory 2-step authentication for all GRESB employees. To access any functionality of the platform, all staff members need to authenticate themselves with unique username, password, and time-dependent security token.
- Limited access to data. All data requests must go through key GRESB employees, who can access GRESBs backend.
Legal security standards
Custodian role of the data. GRESB does not own the data of respondents, but acts as a custodian. Therefore data cannot leave GRESB’s servers without the explicit permission of the data owner. This principle is anchored in the T&Cs, which are managed by the GRESB board.
If you are interested in more details, please don’t hesitate to contact us through firstname.lastname@example.org.