Qu'est-ce que la certification ISO 27001 ?

La certification ISO 27001 atteste qu'un professionnel ou une organisation maîtrise la mise en place et la gestion d'un Système de Management de la Sécurité de l'Information (SMSI). Elle est délivrée par des organismes accrédités comme PECB ou IRCA après un examen.

Quelle est la différence entre Lead Implementer et Lead Auditor ?

Le Lead Implementer conçoit et met en œuvre un SMSI au sein d'une organisation. Le Lead Auditor évalue et audite les SMSI existants. Les deux certifications sont complémentaires et reconnues internationalement par PECB.

Combien de temps faut-il pour préparer l'examen PECB ISO 27001 ?

Avec GRC FORGE, la préparation moyenne est de 45 à 60 jours à raison de 1 à 2 heures par jour. Le parcours inclut des quiz adaptatifs, des examens blancs chronométrés et un simulateur d'audit IA.

GRC FORGE est-il accessible depuis l'Afrique ?

Oui. GRC FORGE applique la parité de pouvoir d'achat avec des tarifs en FCFA (à partir de 10 000 FCFA/mois). La plateforme est optimisée pour fonctionner avec une connexion internet limitée.

Les certificats GRC FORGE sont-ils reconnus ?

Les certificats GRC FORGE attestent de la maîtrise des compétences évaluées sur la plateforme. Ils sont vérifiables publiquement via un code unique sur grcforge.pro/verify/. GRC FORGE prépare aux examens PECB officiels.

Privacy Policy — GRC FORGE

1. Data Controller

The data controller for your personal data is:

Company	GRC FORGE
Email	contact@grcforge.pro
DPO contact	contact@grcforge.pro
Website	https://grcforge.pro

2. Data Collected

Category	Data	Legal basis
Account	First name, last name, email, hashed password, role, plan	Contract execution
Progression	Quiz scores, completed modules, certificates, exam history	Legitimate interest
AI Interactions	Questions asked to the AI, session identifiers	Contract execution
Payment	Transaction reference, plan, amount, currency (no card data stored)	Legal obligation
Technical	Connection logs, IP address, browser/OS	Legitimate interest (security)
Preferences	Interface language, notification settings	Legitimate interest

3. Purposes of Processing

Account management: Authentication, profile, subscription access
Service delivery: Access to courses, quizzes, AI tools, certificates
Progression tracking: Storing scores, module completions, learning analytics
Billing: Payment processing, invoice management
Communications: Transactional emails, important service notifications
Security: Fraud detection, access logs, platform integrity
Product improvement: Anonymous usage analytics

GRC FORGE does not use your personal data for commercial prospecting without your explicit consent.

4. Data Retention

Category	Retention period
Account data	For the duration of the account, then 3 years after deletion request
Learning progression	Duration of account + 2 years
AI conversations	12 months rolling (then anonymized)
Billing records	10 years (legal obligation)
Connection logs	12 months

5. Data Sharing

GRC FORGE does not sell your personal data. Data may be shared with the following categories of recipients:

Moneroo / Stripe: Payment processing (PCI-DSS compliant)
Anthropic: AI query processing (Claude API) — anonymized where possible
Hosting provider: Technical infrastructure
Email service: Transactional email delivery

All processors are subject to contractual obligations ensuring GDPR compliance. Data transfers outside the EU are governed by appropriate safeguards (Standard Contractual Clauses or adequacy decisions).

6. Your Rights

Under GDPR, you have the following rights regarding your personal data:

📋 Right of access Obtain a copy of all personal data held about you.

✏️ Right to rectification Request correction of inaccurate or incomplete data.

🗑️ Right to erasure Request deletion of your data ("right to be forgotten").

⏸️ Right to restriction Request temporary suspension of data processing.

📦 Right to portability Receive your data in a structured, machine-readable format.

🚫 Right to object Object to processing based on legitimate interest.

To exercise these rights, contact: contact@grcforge.pro

We will respond within 30 days of receiving your request. If you believe your rights have not been respected, you have the right to lodge a complaint with your national supervisory authority (e.g., CNIL in France).

7. Cookies and Trackers

Cookie	Purpose	Duration
`PHPSESSID`	Authentication session	Session
`grc_lang`	Language preference	1 year
`csrf_token`	Security (CSRF protection)	Session
Analytics	Anonymous usage statistics	Up to 13 months

You can configure or disable cookies in your browser settings. Disabling essential cookies may prevent access to certain platform features.

8. Security

GRC FORGE implements technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure or destruction:

HTTPS encryption for all data in transit
Bcrypt hashing of passwords
CSRF protection on all sensitive forms
Regular security audits
Restricted access to personal data (need-to-know principle)

In the event of a personal data breach likely to result in a high risk for your rights, you will be notified without undue delay in accordance with GDPR Article 34.

9. Policy Updates

This Privacy Policy may be updated at any time. Any significant changes will be communicated by email or via a notice on the platform. We encourage you to review this policy periodically.

The date at the top of this page indicates when the policy was last revised.

10. Contact

For any questions regarding this Privacy Policy or to exercise your rights:

DPO email: contact@grcforge.pro
General contact: grcforge.pro/en/contact.php