Last updated: December 29, 2025

Our Commitment to Security

As a Managed Security Service Provider (MSSP), security is the core of our business. GCS Technologies, Inc. (GCS) is committed to protecting the confidentiality, integrity, and availability of our clients’ data. We employ a multi-layered security strategy that aligns with the SOC 2 Type 2 Trust Services Criteria.

1. Data Protection & Encryption

We ensure that client data is protected throughout its entire lifecycle:

• In-Transit: All data transmitted between our clients and GCS applications is encrypted using TLS 1.2 or higher.
• At-Rest: Sensitive data, including passwords, PII, and client configurations, is encrypted at rest using AES-256 or stronger encryption standards.
• Key Management: We utilize industry-standard Key Management Systems (KMS) to rotate and protect encryption keys.

2. Network & Infrastructure Security

• Secure Hosting: Our infrastructure is hosted with Tier-1 cloud providers (e.g., AWS/Azure/GCP) that maintain SOC 2, ISO 27001, and PCI-DSS compliance.
• Network Defense: We utilize web application firewalls (WAF), intrusion detection systems (IDS), and DDoS protection to safeguard our perimeter.
• Zero Trust Architecture: We implement the principle of least privilege, ensuring that GCS personnel only have access to the resources necessary for their specific job functions.

3. Identity and Access Management (IAM)

• Multi-Factor Authentication: MFA is mandatory for all GCS employees accessing internal systems, production environments, and client data.
• Access Reviews: Access rights are reviewed quarterly to ensure they remain appropriate. Upon employee termination, all access is revoked immediately.

4. Vulnerability Management & Testing

• Penetration Testing: GCS undergoes annual third-party penetration testing to identify and remediate potential security weaknesses.

5. Compliance & Audits

GCS Technologies, Inc. undergoes regular independent audits to verify our security posture:

• SOC 2 Type 1: We are currently working through the process of obtaining the Security, Confidentiality, and Availability criteria.
• Regulatory Alignment: Our processes are designed to help clients meet their own compliance requirements, including HIPAA, GDPR, and the Texas Data Privacy and Security Act.

6. Incident Response

GCS maintains a dedicated Incident Response Plan. In the event of a confirmed data breach that affects client data, GCS is committed to notifying impacted customers in accordance with our contractual obligations and applicable state and federal laws.

Stay Informed About Security Updates

If you’d like to be notified when this Security Statement is updated, you can subscribe below.

Have a Security Concern?

We welcome reports from independent security researchers. If you believe you have found a security vulnerability in a GCS Technologies service, please contact us at securityalerts@gcstechnologies.com or use the form below to report it.