GAT LABS – ENTERPRISE AND EDUCATION SECURITY POLICY
At GAT Labs Ltd. we operate to the highest security standards, procedures and ethics. As a company we respect your privacy and more importantly our tool respects the privacy of your data. Our tool only accesses your Google metadata (file names, timestamps, ACLs, owner’s name, etc.)
Our tool does not access any file contents. Those using the tool can not access other user’s data unless using the ‘Unlock‘ feature.
Our tool does not access any email contents. Those using the tool can not access other user’s emails unless using the ‘Unlock‘ feature.
While we work in every market where Google Workspace is available, as a European company we work under the strictest privacy regulations in the world and we honour and respect your data privacy above all else.
How the tool works
The tool only ever accesses, analyses and stores your company’s metadata.
This metadata is accessed directly from Google Workspace via HTTPS, the same encryption standard that you use to access Google Workspace.
The service is run on GCP (Google Cloud Platform) in North America. This facility completed multiple SAS70 Type II audits, and now publishes a Service Organization Controls (SOC 1, 2 and 3) report, published under both the SSAE 16 and the ISAE 3402 professional standards. In addition, GCP has achieved ISO 27001 certification and has been successfully validated as a Level 1 service provider under the Payment Card Industry (PCI) Data Security Standard (DSS), HIPAA and more.
The Tool itself runs using a 2048-bit modulus RSA key, SHA-1 used for hashing, AES (256-bit) used for encryption. It is Verified by Comodo. This ensures the site you connect to is who it says it is (generalaudittool.com), thus eliminating man in the middle attacks. It also ensures that any data transferred is moved inside a HTTPS tunnel, from Google to the audit tool and from the audit tool to your browser.
GAT Labs Ltd. believes all of the above is best practice
Can we scan every document? – yes.
Can we scan every email? – yes.
Does the tool access document contents? – no.
Does the tool access email contents? – no.
Do we allow Admins to see document contents? – no, unless authorization is obtained (via Unlock).
Do we allow Admins to see email contents? – no, unless authorization is obtained (via Unlock).
Why don’t we allow unsupervised access to the contents? When Google sold you Google Workspace the management team bought it on the principle that the data was secure and that users, including Admin staff, could not see other user’s or manager’s data or emails.
We are not about to violate or undermine that understanding by introducing access to private data via an open back door.
We believe companies already have business procedures in place to properly conduct internal investigations. It is up to us to honour those procedures and to only allow access via proper workflow mechanisms (GAT Unlock).
- We use UserTrust for our TLS/SSL Certificate.
- We are ISAE 3402 certified.
- We are developing our ISAF 3402 Certification
One more layer of assurance
While all of the above is a comfort to large organisations we offer one more level of assurance that their data will be protected. Large organisations can run their own instance of the audit tool on their own cloud server. Here they have full control over the runtime environment and complete control over who has access to the tool.
Small text files that are placed on your machine to help the site provide a better user experience. In general, cookies are used to retain user preferences, store information for things like shopping carts, and provide anonymised tracking data to third party applications like Google Analytics. As a rule, cookies will make your browsing experience better. However, you may prefer to disable cookies on this site and on others. The most effective way to do this is to disable cookies in your browser. We suggest consulting the Help section of your browser.
By using YouTube Audit you are agreeing to the YouTube Terms of Service