How is data protected in GRSCIA?

Data is encrypted at rest using AES-256, and access can be protected with TOTP-based multi-factor authentication.

How does GRSCIA handle access governance?

GRSCIA uses role-based access controls so teams can limit permissions by responsibility and support least-privilege access to sensitive workflows.

Is there an audit trail for platform activity?

Yes. Platform activity is logged to support traceability and audit review, including evidence-relevant operational actions.

Is the cloud deployment hosted in the UAE?

The cloud deployment is hosted on UAE-based infrastructure to support data residency and sovereignty requirements.

How can we review subprocessors and contractual terms?

Public trust pages cover subprocessors, data processing terms, service commitments, and related legal references so security and procurement teams can review vendor posture before launch.

Security

Security controls built for UAE healthcare compliance.

Review the technical and operational controls that support ADHICS-aligned workflows, auditability, and protected health information handling.

ENC

AES-256 Encryption

All data encrypted at rest using AES-256, the industry standard for data protection.

MFA

Multi-Factor Authentication

Secure access with TOTP-based MFA, protecting accounts from unauthorized access.

RBAC

Role-Based Access Control

Granular permissions with predefined roles ensuring least-privilege access to sensitive data.

AUD

Cryptographic Audit Trails

Every action is logged with SHA-256 hashing for tamper-proof audit trails.

RES

UAE Data Residency

All data stored in UAE-based infrastructure (me-central-1), ensuring data sovereignty compliance.

ADH

ADHICS Compliant

Built to align with Abu Dhabi Healthcare Information and Cyber Security standards.

Training & Awareness

How GRSCIA manages training assurance.

This public summary reflects the GRSCIA training posture. The full policy is maintained as an owner-facing assurance artifact.

Formal Training Policy

GRSCIA maintains a formal training policy for planning, delivering, tracking, and reviewing awareness and competency activities. The full policy is maintained as an owner-visible assurance artifact and is positioned as part of GRSCIA's operational control set rather than a customer onboarding acceptance document.

Delivery and Evidence

Training workflows are delivered through the GRSCIA platform, powered by Cisoshare Inspection & Audit Services. The capability supports assignments, reminders, assessment status, certification visibility, expiry monitoring, and evidence records that can be used for management review and audit support.

Customer Visibility

Customers can review GRSCIA's training and awareness posture through the platform trust surface together with related assurance material. Public pages provide a factual summary only; the canonical policy and downloadable artifact are reserved for the owner-facing assurance experience.

Compliance Standards

Built to support ADHICS-aligned operations, vendor oversight, and healthcare data protection requirements.

Privacy Terms DPA SLA Sub-processors

UAE-HostedADHICS-AlignedAES-256

Security FAQ

Questions security and procurement teams usually ask.

These answers reinforce the controls, residency model, and trust materials behind the product.

How is data protected in GRSCIA?: Data is encrypted at rest using AES-256, and access can be protected with TOTP-based multi-factor authentication.
How does GRSCIA handle access governance?: GRSCIA uses role-based access controls so teams can limit permissions by responsibility and support least-privilege access to sensitive workflows.
Is there an audit trail for platform activity?: Yes. Platform activity is logged to support traceability and audit review, including evidence-relevant operational actions.
Is the cloud deployment hosted in the UAE?: The cloud deployment is hosted on UAE-based infrastructure to support data residency and sovereignty requirements.
How can we review subprocessors and contractual terms?: Public trust pages cover subprocessors, data processing terms, service commitments, and related legal references so security and procurement teams can review vendor posture before launch.