Confidentiality & Information Protection Policy
Document Type
Version
Effective Date
Owned By
Review Cycle
Overview
This policy outlines how GCAI collects, uses, stores, shares, and protects confidential information. It applies to all employees, contractors, examiners, partners, and any third parties handling information on behalf of GCAI.
Purpose
To ensure the confidentiality, integrity, and availability of all confidential information entrusted to or created by GCAI and to prevent unauthorized access, use, disclosure, alteration, or destruction.
Scope
This policy applies to all GCAI personnel, contractors, examiners, partners, and third parties who collect, process, store, access, or transmit confidential information in any form.
Our Commitment
Confidentiality
We protect all confidential information from unauthorized access or disclosure.
Integrity
We ensure information is accurate, complete, and protected from unauthorized modification.
Availability
We ensure authorized personnel have timely access to information when needed and in the right form.
Accountability
We are accountable for protecting information and complying with this policy.
Compliance
We comply with applicable laws, regulations, standards, and contractual obligations.
Our Quality Commitments
Information Classification
We classify information based on its sensitivity and business importance.
Access Control
Access is granted on a need-to-know basis and limited to authorized individuals only.
Acceptable Use of Information
Confidential information must be used only for official GCAI purposes and handled responsibly.
Sharing & Disclosure
We do not share confidential information with third parties without authorization.
Storage & Protection
We store information securely using appropriate technical and physical safeguards.
Data Retention & Secure Disposal
We retain information only for as long as necessary and dispose of it securely when no longer required.
Incident Reporting
We promptly report any actual or suspected information security incidents.
Awareness & Training
We provide regular training and awareness to promote information protection best practices.
Roles & Responsibilities
- All personnel must comply with this policy and safeguard information.
- Managers ensure compliance within their teams and report incidents.
- Certification Manager oversees implementation and reviews compliance.
- Contractors and partners must adhere to this policy and applicable agreements.
How We Protect Information
- Restrict access to information on a need-to-know basis.
- Use encryption and secure systems to protect information.
- Limit disclosure to authorized parties only.
- Apply retention schedules and secure disposal practices.
- Monitor systems and respond to security incidents.
- Provide ongoing training and awareness programs.
Important Notice
Non-compliance with this policy may result in disciplinary action, legal consequences, and/or termination of contracts or employment.