GMG Management Consulting, Inc. (“GMG”) respects your privacy and is committed to protecting the personal information you share with us through our website.
This Privacy Policy explains what information we collect, how we use it, and the choices you have regarding your data. By using this website, you agree to the terms outlined below.
Information We Collect
We may collect personal information you voluntarily provide (e.g., name, email, phone) as well as non-personal data (e.g., browser type, IP address) for analytics and website functionality.
How We Use Your Information
Information may be used to respond to inquiries, deliver services, improve site performance, and fulfill legal or contractual obligations. We do not sell or trade your personal data.
Data Security
We use reasonable administrative and technical safeguards to protect your information from unauthorized access or disclosure.
Cookies and Analytics
This site may use cookies to enhance your experience. You can adjust your browser settings to manage cookie preferences.
Third-Party Links
Our site may contain links to external websites. GMG is not responsible for their privacy practices.
Your Rights
You may contact us to access, update, or delete your personal information, subject to applicable laws.
Contact
If you have any questions about this policy, please email us at: info@gmg-mgt.com
Website Security Policy
GMG is committed to safeguarding the confidentiality, integrity, and availability of all information collected and processed through our website. As a trusted federal contractor, we follow cybersecurity best practices in accordance with the National Institute of Standards and Technology (NIST) Special Publication 800-171 and 800-53 frameworks.
Information Security Commitment
We implement a defense-in-depth approach to secure our digital assets, employing a layered strategy that includes administrative, technical, and physical controls to protect user data and maintain system integrity.
NIST-Based Security Controls
GMG has established the following safeguards in line with federal security requirements:
• Access Control: User access is role-based and protected by multi-factor authentication.
• Audit and Accountability: System activity is monitored and logged to detect and respond to anomalies or unauthorized behavior.
• System and Communications Protection: All web traffic is encrypted using TLS; firewalls and intrusion detection tools protect against threats.
• Configuration Management: Systems are regularly patched, and all assets undergo vulnerability scanning.
• Incident Response: We maintain a formal incident response plan to quickly address and remediate security events.
• Risk Management: Risks are regularly assessed and managed through our internal Risk Management Framework (RMF).
• Training and Awareness: All staff complete mandatory cybersecurity and privacy training aligned with federal requirements.
Data Encryption and Transmission
Information entered on our website is encrypted in transit using HTTPS protocols. Sensitive data is encrypted at rest and protected by strict internal access controls.
Third-Party Security
We require all vendors and third-party providers to comply with federal cybersecurity and data protection standards. Data shared with these entities is transferred securely and only as needed.
Vulnerability Disclosure
If you discover a security vulnerability on our website, we encourage you to report it responsibly by emailing security@gmg-mgt.com. We will review and respond promptly.
Policy Updates
This policy may be updated periodically. Changes will be posted with a revised effective date.
Contact
For any questions or concerns related to this security policy or GMG’s cybersecurity practices, please contact: info@gmg-mgt.com.
