At Gorilla, we believe that transparency around our security practices is essential to building trust. While many vendors publish high-level or boilerplate information under the banner of “TOMs,” we believe this format is often too generic to provide meaningful insight.
Rather than listing vague or repetitive statements, we provide a detailed breakdown of our actual security architecture, threat model, and mitigations in a dedicated, living document: Security Whitepaper
The whitepaper describes the concrete technical and organisational controls Gorilla has implemented to protect the confidentiality, integrity, and availability of customer data. It includes details on how we address risks related to:
This approach gives our customers — including CISOs, compliance officers, and legal teams — a clearer picture of how Gorilla is designed and operated securely. Our practices are aligned with GDPR Article 32, ISO/IEC 27001, and other relevant global security frameworks.
In addition to the technical safeguards described in our whitepaper, Gorilla operates a comprehensive cyber and information security management system (CISMS) that goes beyond baseline control implementations.
Our CISMS is aligned with the structure and requirements set forth in ISO/IEC 27001, but we extend this framework with a practical, risk-based security approach tailored to fast-moving product companies. Rather than treating security as a checklist, we embed it across teams, workflows, and architecture.
Gorilla works with CISOCON, a Berlin-based professional services firm specialized in high-leverage security programs, to manage and continuously evolve our security governance, controls, and assurance efforts. This collaboration ensures that our CISMS is not only audit-ready but genuinely effective.
We encourage customers to review the whitepaper directly when assessing Gorilla’s technical and organisational safeguards.
This page is provided for informational purposes only and is not a contractual document.