The GPTW analytical survey platform named Emprising is hosted by the cloud provider Microsoft Azure. GPTW contracts with Azure to maintain the highest level of Data Security and Data Privacy global compliance at all times. This legal protection is passed along to all GPTW clients though the warranties in the Products and Services Agreement for the entire term of our engagement as detailed below. The Azure audit reports and other resource documentation as well as the Azure Compliance Manager Tool used by GPTW to comply with the GDPR and other privacy laws are found at the following URLs: https://servicetrust.microsoft.com/ and other compliance offerings: www.microsoft.com/en-us/trustcenter/compliance/complianceofferings. A general article about Azure compliance is here: www.communicationsquare.com/news/everything-about-gdpr-compliance-in-microsoft-cloud/ and a blog here: azure.microsoft.com/en-us/blog/protecting-privacy-in-microsoft-azure-gdpr-azure-policy-updates/ There are some country specific compliance resources as well. For example, compliance in Germany is addressed at the following URL: servicetrust.microsoft.com/ViewPage/GermanComplianceResourcesV3.
To offer an abundance of legal protection to GPTW clients, contractual warranties and representations are provided for the GPTW computer network even though Emprising is hosted by Azure and not the GPTW computer network. Any communication between Emprising hosted on Azure and the GPTW computer network is strictly limited to an end-to-end secure VPN connection using IPSec protocol. GPTW provides the highest standard of legal protection by warranting to our clients that during the entire term of the engagement, GPTW has not received notice of non-compliance with the following industry standards: CPA-audited financial statements by the firm Abbott, Stringham & Lynch, Service Organization Controls (SOC) Report 2 under the Statement on Standards for Attestation Engagements (SSAE) 18 as well as with the International Organization for Standardization (ISO) 27001:2013 and ISO 9001:2015 and the National Institute of Standards and Technology (NIST 2015) cybersecurity framework. If applicable, GPTW also complies with the Payment Card Industry Data Security Standard (PCI DSS). These warranties are stated in Section 7 (Data Security) of the GPTW Products and Services Agreement which governs the terms of the engagement with GPTW clients and which has the following link on the bottom of the GPTW homepage: www.greatplacetowork.com/products-services-agreement. GPTW maintains a full-time Chief Data Protection Officer (CDPO) and staff to ensure compliance with these industry standards. The CDPO reports directly to the CEO of GPTW.
GPTW considers the third-party financial and security audits of the GPTW computer network to be for “restricted use” and confidential. Accordingly, GPTW does not release them to any company. There are several reasons for this policy. First, a “restricted use” provision is recited in every valid SOC 2 Report. Second, the audits are static in time and may not cover the entire term of the company’s engagement. Third, the audits provide no legal protection to a company. Fourth, a company having possession of these audits places itself at serious risk for no benefit, e.g. should there be a GPTW security breach, any company in possession of these audits would be a primary litigation target and would have to prove that company’s possession of the audits did not cause the GPTW breach.
Yes, but only if the Company agrees to pay a review fee of $18,000 that will be invoiced separately. Why the fee? GPTW has quoted to Company the lowest price for its products and services. This low price quote means accepting the GPTW Order Form and /or SOW and the GPTW Products and Services Agreement found at the website: www.greatplacetowork.com/Products-and-Services-Agreement. The quote does not include what GPTW needs to be compensated for the extra time and personnel required to perform the review and the documentation that must be developed just for your Company. It is important to note that because of the unique products and services being delivered by GPTW, a company’s Master Services Agreement definitely will not properly address Data ownership, Data processing, compliance with global privacy compliance laws, compliance with all Data Protection Laws, compliance with Data security industry standards, etc.
Yes, but only if the Company agrees to pay a review fee of $12,000 that will be invoiced separately. Why the fee? GPTW has quoted to Company the lowest price for its products and services. This low price quote means accepting the GPTW Order Form and /or SOW and the GPTW Products and Services Agreement found at the website: www.greatplacetowork.com/Products-and-Services-Agreement. The quote does not include what GPTW needs to be compensated for the extra time and personnel required to perform the review and the documentation that must be developed just for your Company. It is important to note that because of the unique products and services being delivered by GPTW, a company’s Master Services Agreement definitely will not properly address Data ownership, Data processing, compliance with global privacy laws, compliance with all Data Protection Laws, compliance with Data security industry standards, etc.
Yes, but only if the Company agrees to pay a review fee of $6,000 that will be invoiced separately. Why the fee? All of the answers to any security survey are found on the GPTW website at www.greatplacetowork.com/GPTW-External-Security-Policy. The Company can use the GPTW External Security Policy to fill out its own security survey. GPTW has quoted to Company the lowest price for its products and services. This low-price quote means accepting the answers to a security survey provided in the above GPTW External Security Policy. Otherwise, GPTW needs to be compensated for the extra time and personnel required to answer the survey. Furthermore, a company’s security survey provides no legal protection. A survey is static in time and may not cover the entire term of the company’s engagement. Instead, GPTW provides the highest standard of legal protection by warranting to the company that during the entire term of the engagement GPTW will comply with the following industry standards: CPA-audited financial statements, Service Organization Controls (SOC) Report 2 under the Statement on Standards for Attestation Engagements (SSAE) 18 as well as with the International Organization for Standardization (ISO) 27001:2013 and ISO 9001:2015 and the National Institute of Standards and Technology (NIST 2015) cybersecurity framework. If applicable, GPTW also complies with the Payment Card Industry Data Security Standard (PCI DSS). Another problem is that the questions in a company’s security survey inevitably are directed towards the GPTW computer network and, as a result, are irrelevant. The Emprising survey platform is hosted on Azure. The Emprising survey questions and responses never touch the GPTW computer network.
Yes, but only if the Company agrees to pay a review fee of $2,000 that will be invoiced separately. Why the fee? GPTW has quoted to Company the lowest price for its products and services. This low-price quote means accepting the quote without further involvement of GPTW personnel. Otherwise, GPTW needs to be compensated for the extra time and personnel required to retrieve the COI. Furthermore, a Certificate of Insurance provides no legal protection. A COI is static in time and may not cover the entire term of the company’s engagement. Instead, GPTW provides the highest standard of legal protection by warranting to the company that during the entire term of the engagement GPTW will carry the insurance coverage itemized in Section 13.10 (Insurance) of the GPTW Products and Services Agreement found on the GPTW homepage website.
March 31, 2021
© Great Place To Work® Institute. All Rights Reserved.
Cookie | Duration | Description |
---|---|---|
cookielawinfo-checkbox-analytics | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics". |
cookielawinfo-checkbox-functional | 11 months | The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional". |
cookielawinfo-checkbox-necessary | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary". |
cookielawinfo-checkbox-others | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other. |
cookielawinfo-checkbox-performance | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance". |
viewed_cookie_policy | 11 months | The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data. |
ABOUT OUR METHOLOGY
To be eligible for the World’s Best Workplaces list, a company must apply and be named to a minimum of 5 national Best Workplaces lists within our current 58 countries, have 5,000 employees or more worldwide, and at least 40% of the company’s workforce (or 5,000 employees) must be based outside of the home country. Extra points are given based on the number of countries where a company surveys employees with the Great Place to Work Trust Index©, and the percentage of a company’s workforce represented by all Great Place to Work surveys globally. Candidates for the 2017 Worlds Best Workplaces list will have appeared on national workplaces lists published in September 2016 through August 2017.
ABOUT OUR METHOLOGY
The Best Workplaces in Asia List
Great Place to Work® identifies the top organizations that create great workplaces in the Asian and Middle Eastern regions with the publication of the annual Best Workplaces in Asia list. The list recognizes companies in three size categories:
To be considered for inclusion, companies must appear on one or more of our national lists in the region, which includes Greater China (covering China, Hong Kong, Taiwan and Macau), India, Japan, Saudi Arabia, Singapore, South Korea, Sri Lanka and UAE. For the 2021 Asia List, companies ranked on the national list in the Philippines will also be included. Multinational organizations must meet the following requirements:
Multinationals also receive additional credit for their efforts to successfully create an excellent workplace culture in multiple countries in the region. The data used in the calculation of the regional list comes from national lists published in 2019 and early 2020.