greenID achieves SOC2 Type 2

Trust Centre

Start your security review
View & download sensitive information
Ask for information
Search items
ControlK

GBG Trust Centre

Welcome to GBGs Trust Centre

This page provides an overview of the security controls in use for GBG Group.

Please note you must be an existing customer or have a non-disclosure agreement in place to access locked information.

COMING SOON: Product Family pages will be available which will provide product specific security information - these are due for release in the coming months, until then if you have a product specific query use the contact us link and a member of the team will respond as soon as they can.

Compliance

Cyber Essentials Plus Logo
Cyber Essentials Plus
FedRAMP Moderate Logo
FedRAMP Moderate
ISO/IEC 20243:2024 Logo
ISO/IEC 20243:2024
ISO/IEC 27001 SoA Logo
ISO/IEC 27001 SoA
ISO/IEC 27001:2022 Logo
ISO/IEC 27001:2022
PCI DSS v4.0.0 Logo
PCI DSS v4.0.0
SOC 2 Type 1 Logo
SOC 2 Type 1
SOC 2 Type 2 Logo
SOC 2 Type 2

GBG is reviewed and trusted by

John Lewis-company-logoJohn Lewis
Barclays-company-logoBarclays
AmBank-company-logoAmBank
Vodafone UK-company-logoVodafone UK
Oxfam-company-logoOxfam
the LEGO Group-company-logothe LEGO Group
PayPal-company-logoPayPal
Lyft-company-logoLyft
American Express-company-logoAmerican Express
ASOS plc-company-logoASOS plc
IBM-company-logoIBM
HSBC-company-logoHSBC
Betway-company-logoBetway
BNP Paribas-company-logoBNP Paribas
Coinbase-company-logoCoinbase
St. James's Place-company-logoSt. James's Place
Volvo-company-logoVolvo

Documents

Featured Documents

REPORTSSecurity White Paper
DOCUMENTSCustomer Guide to GBGs Trust Centre

Security Grades

UpGuard
GBG Plc
900

Reports

Security White Paper

GBG Group Policies

Acceptable Use Policy
Access Control Policy
Asset Management Policy
View more

Access Control

Data Access
Logging
Password Security

Self-Assessments

SIG Core 2024 - ExpectID
OPTIV ISO27001

Application Security

Code Analysis
Credential Management
Secure Development Training
View more

Data Security

Authentication
Data Retention & Disposal
Encryption-at-rest
View more

Endpoint Security

Disk Encryption
DNS Filtering
Endpoint Detection & Response
View more

AI@GBG

AI Risk Statement
Approach to AI
GBG's AI Principles
View more

Network Security

Data Loss Prevention
Firewall
IDS/IPS
View more

GBGs Approach to DORA

Frequently Asked Questions

ESG

Environment Social and Governance
Gender Pay Report
Modern Slavery
View more

Corporate Security

Email Protection
HR Security
Incident Response
View more

Infrastructure

Status Monitoring
Disaster Recovery & Backups
Minimalist Configurations
View more

Legal

Privacy Policy
Technical and Organisational Measures
Vendor Management

Insurances

Employers Liability Insurance
EOC Public Liability £10m
EOC Public Liability £15m
View more
Trust Centre Updates

greenID achieves SOC2 Type 2

Copy link
Compliance

GBG are pleased to announce its greenID product has achieved SOC2 Type 2 attestation.

GBG Achieves ISO27001:2022 Re-Certification

Copy link
Compliance

GBG's new ISO27001:2022 certificate following the successful re-certification is now available on the Trust Centre.

GBG successfully achieved re-certification to ISO27001:2022 in February 2025, this is a fantastic achievement by the GBG team. Once the certificate is available it will be added to the Trust Centre for our customers to download.

GBG GreenID Successfully achieves SOC2 Type 1 Audit

Copy link
Compliance

GBG GreenID has successfully completed SOC2 Type 1, this is a key milestone on our journey to achieving SOC2 Type2

GBG IDology Achieves ISO27001:2022 Transition

Copy link
Compliance

GBG IDology has successfully transitioned to ISO27001:2022, whilst achieving overall recertification to the standard.

ID3Global Achieves Cyber Essentials Plus Certification

Copy link
Compliance

GBGs ID3Global platform has recently achieved Cyber Essentials Plus Certification

Please see our certifications section for further information.

Knowledge Base (FAQ)
  • Access Control - Are all user IDs uniquely associated with a specific individual?
  • Are there Subject Matter Experts (SMEs) and/or groups assigned to assess risk for distinct categories (e.g., operational, reputational, regulatory, technology, privacy, financial, etc.)?
  • Is all organization email scanned by a DLP security solution?
  • Does the organization's risk management program include processes that analyze risk at the enterprise level keeping stakeholders and senior management informed of risk management decisions?
  • Is there a formalized Risk Assessment process that identifies, quantifies, and prioritizes risks based on the risk acceptance levels relevant to the organization?
View more
If you need help using this Trust Centre, please contact us.
Contact support
If you think you may have discovered a vulnerability, please send us a note.
Report issue
Built onSafeBase by Drata Logo