Documentation, certifications, insurance coverage, and contractual frameworks that satisfy enterprise procurement requirements.
Page last reviewed: May 2026
Gsource maintains five active ISO certifications covering quality management, environmental responsibility, information security, occupational health and safety, and BIM information management. Each certification is independently audited annually.
Gsource maintains a certified quality management system designed to support the full project lifecycle, from intake to final delivery. The framework establishes QA checkpoints at drafter, senior reviewer, and discipline-lead levels; documents non-conformance handling procedures; and supports continuous process improvement. Internal audits are conducted quarterly, with annual external surveillance audits.
Gsource follows a certified environmental management framework focused on office operations, energy consumption, waste management, and environmentally responsible procurement practices. The system defines processes for monitoring environmental impact and driving continuous operational improvement. Internal reviews are conducted quarterly, with annual external audits.
Gsource adheres to a certified information security management framework focused on data classification, access control, encryption protocols, secure file exchange, incident response, and outsourcing partner security practices. The system is designed to safeguard client and project information across all stages of delivery. Internal audits are conducted quarterly, supported by annual penetration testing and external surveillance audits.
Gsource follows a certified occupational health and safety management framework focused on workstation ergonomics, employee wellbeing, incident reporting, emergency preparedness, and workplace safety practices across all delivery centres. The system supports a safe and structured working environment through regular monitoring and continuous improvement initiatives. Internal reviews are conducted quarterly, with annual external audits.
Gsource applies a certified BIM information management framework governing how project information is structured, named, exchanged, reviewed, and archived across BIM workflows. Aligned with the BS EN ISO 19650 series, the framework supports consistent collaboration across multidisciplinary and federated model environments. Internal process reviews are conducted regularly, with annual external compliance audits.
Gsource maintains professional liability and general business insurance coverage that meets or exceeds standard requirements for enterprise AEC Partner onboarding. A current Certificate of Insurance (COI) is available on request, and additional insured / waiver of subrogation / primary & non-contributory endorsements can be issued for client-specific MSAs.
| Coverage Type | Carrier | Limit | Effective Period |
|---|---|---|---|
| Professional Liability (Errors & Omissions) | Everest Insurance | $2M per claim · $2M aggregate | [Policy term] |
| Commercial General Liability | [Carrier] | $2M aggregate · $1M per occurrence | [Policy term] |
| Workers' Compensation | [Carrier] | Statutory | [Policy term] |
| Cyber Liability | [Carrier] | [Limit] | [Policy term] |
| Umbrella / Excess Liability | [Carrier] | [Limit, if applicable] | [Policy term] |
| Waiver of Subrogation | Available on request - issued per client MSA | ||
Project data is handled under the ISO 27001:2022 framework with documented policies for classification, access, transmission, storage, and destruction. The protocols below apply to every project regardless of engagement model.
Project files are classified per client and access-controlled to NDA-bound team members assigned to that engagement only. Access is provisioned at engagement kickoff and revoked at engagement close. Cross-project data sharing is technically and contractually prohibited.
Project files are exchanged through Gsource’s proprietary secure data management platform, designed to support controlled access, encrypted transfers, and protected collaboration across global project teams. All file transfers use TLS 1.2 or higher, while unsecured email-based file sharing is restricted and discouraged.
Project data is stored on access-controlled servers within delivery centres, with encrypted backups on a defined retention schedule. Backups are tested quarterly. No project data is stored on personal devices or unmanaged endpoints.
All workstations are managed endpoints with enforced full-disk encryption, anti-malware, and centralised patch management. Network segmentation isolates client project environments. USB ports and external storage are policy-restricted on production workstations.
A documented incident response plan defines detection, containment, notification, and post-incident review procedures. Clients are notified of any incident affecting their data within the timeframe specified in the engagement agreement (typically 48 hours).
At engagement close, project data is either returned to the client or securely destroyed per the terms of the engagement. Destruction certificates are issued on request.
Gsource works under standard mutual non-disclosure agreements and engagement-specific master service agreements. Standard templates are available for review prior to engagement; clients may also request execution under their own MSA forms.
A standard mutual NDA template is available for download. Key terms: bilateral confidentiality, 5-year term post-engagement, indemnification for unauthorised disclosure, and explicit prohibition on cross-engagement data use. Custom NDA forms are accepted with reasonable revision timelines.
Engagement-specific MSAs cover scope, deliverables, pricing, intellectual property, indemnification, limitation of liability, and termination terms. Client-form MSAs are accepted - approximately 70% of enterprise engagements run on the client's paper.
All deliverables - drawings, models, calculations, reports, source files - are the client's property at the moment of delivery. Gsource retains no rights to client work product. Gsource retains rights only to internal tools and methodologies developed independently of client engagement.
Gsource adheres to relevant industry standards and applicable data privacy regulations across jurisdictions where clients operate.
Most enterprise procurement teams require a standard set of documents to onboard Gsource as an approved outsourcing partner. The pack below consolidates everything typically requested. Some documents are immediately downloadable; others require a brief request form to ensure the document version is current and signed.
Single request form. Pack delivered within 1 business day, signed and current.
Trimmed for Partner-questionnaire workflows. For questions not covered here, contact the compliance team directly.
For procurement-specific questions, security questionnaire responses, or supplemental documentation requests, contact the Gsource compliance team directly.
(Enter captcha image text in box)