Skip to main content
GEMEnterprise

Trust Center

Security and compliance overview

GEM Enterprise publishes this overview to support customer due diligence. Alignment statements describe control design and readiness; they do not claim a certification unless a current certificate is separately provided.

Core controls

  • Role-based access controls for protected client and administrative routes.
  • Encrypted transport, secure session cookies, rate limiting, and audit logging.
  • KYC-gated workflows and human review for high-impact operations.
  • Fail-closed production controls for external integrations and publishing.
  • Incident response, evidence preservation, and operational monitoring procedures.

Framework alignment

  • NIST Cybersecurity Framework control mapping
  • ISO/IEC 27001 readiness alignment
  • SOC 2 trust-services control mapping
  • Applicable GDPR privacy principles and data-subject handling
  • HIPAA safeguard consideration where regulated information is in scope
  • CMMC practice mapping for relevant defense-supply-chain engagements

Responsible disclosure

Security concerns should be reported privately through the contact channel. Do not include credentials, private keys, identity documents, or exploit data in public reports.

Contact GEM Enterprise