- About GFT
- Sustainability
- Professional Integrity
Professional Integrity
GFT endorses the United Nations 2030 Agenda for Sustainable Development
Since 2019, GFT is a member of the United Nations Global Compact, the largest voluntary initiative for responsible Corporate Governance worldwide. We aim to set key sustainability aspects in all management systems. For us, compliance is not a goal but a way of life.
Responsibility for sustainability
The Administrative Board of GFT Technologies SE is responsible for corporate strategy and all major decisions, including fundamental sustainability issues. It considers appropriate consideration to environmental and social objectives, and systematically identifies and evaluates the impacts, risks and opportunities associated with social and environmental factors.
The Group CSR Committee is a Group-wide and cross-functional steering committee chaired by the CEO that supports and reports to the Administrative Board. It convenes three times a year to review progress on the CSR agenda at operating level and to discuss strategies to support the sustainability goals.
In dialogue
We can only be successful if we take due account of the needs and expectations of our stakeholders. Direct stakeholders are our clients, employees and shareholders, as well as our suppliers and partners.
This also establishes relationships with numerous indirect stakeholders.
We listen and respond to our stakeholders’ evolving needs and rising expectations. And we continually assess our role in the supply chains of our clients. Communication is conducted via surveys, newsletters, PR, social media, meetings and events. Authorities and ESG rating agencies are key indirect stakeholders and the broader context of politics, society and the environment is also considered.
Environmental protection
As a reliable provider of technology solutions, we understand our environmental accountability and its importance. We strive to increase our operational efficiency including energy consumption, raise the share of renewable energy, and adopt more sustainable procurement practices. The basis for environmental and climate protection is set out in our Group Environmental Policy, which is binding for all employees of all Group companies.
Cybersecurity and resilience
Digitalisation and the proliferation of key technologies such as generative AI and cloud create a new world of opportunity. But success depends on the uninterrupted availability of data, IT systems and networks. Cybersecurity risks are a constant threat for companies and other organisations. The aim of our cybersecurity & resilience strategy is to protect the company, its people, and its tangible and intangible assets, as well as ensuring business continuity.
Led by the Chief Information Security Officer (CISO), our information security management system (ISMS) ensures consistent security policies across all entities. Certified to ISO/IEC 27001 for exemplary areas, our global ISMS is a guarantee of professional security management. Our German subsidiary is also TISAX certified for the automotive industry.
Operating in a distributed, network-oriented environment, GFT regularly assesses risks and implements mitigation countermeasures and resilience strategies, including ISO 27000 controls alignment, a hybrid operational model, zero trust network, and modern cloud-based desktops. Our Privacy and Security Steering Committee provides strategic direction, while the Security Operating Committee handles operational oversight.
All employees are responsible for data security and receive annual mandatory training. Our Security Operations Centre (GISOC) monitors systems 24/7, ensuring quick incident responses. GFT’s resilient business model includes distributed delivery processes, cloud-based applications, and a hybrid working model, ensuring business continuity and security.
Data protection & privacy
Our data protection framework is built on respect for human rights and legislation, fostering trust in digital transformation for our clients, partners, and employees.
The Data Protection Team, led by the Chief Privacy Officer (CPO), ensures data protection is integrated into all operations. In 2023, our CPO received the IAPP Vanguard Award EMEA for exceptional leadership in privacy.
Our policies and guidelines ensure a high level of data protection across all GFT operations, even in countries without robust data protection laws. We provide mandatory and optional training programmes to ensure all employees understand and comply with data protection standards. Our GFT Group Data Sharing Agreement is a unified approach to safely share personal data within the Group.
A global incident handling process is in place for quick response to any data breaches, protecting individuals’ rights and preventing significant damage. Our Data Protection by Design approach integrates data protection into IT systems from the start, with ongoing campaigns to train Privacy Engineers and improve data protection considerations in software development.
We are committed to Responsible AI. Since 2020, GFT Group Data Protection have issued guidelines on AI and Machine Learning, and pseudonymisation, which was derived from the ACM Statement on Algorithmic Transparency and Accountability. In 2023, we launched a taskforce to develop guidelines for using AI tools like ChatGPT, ensuring safe, effective use and compliance with regulations. In 2024, a section on responsible AI was added to the GFT Group Data Protection Policy and a GFT Group Data Protection Guideline for Responsible AI was issued. GFT has committed to the pledges of the AI PACT.