|
JV
|
Published by the PMI–GPM Sustainability Joint Venture The operational companion to the PMI–GPM P5™ Standard — not a standalone methodology, but the layer that makes P5 executable at the project level. |
Stronger governance architecture. More rigorous decision structures. Regenerative positioning made operational.
|
New in Governance Impact Thresholds as Decision Triggers Version 4 formalizes impact thresholds as binding governance triggers. When a threshold is crossed, it requires a defined response — not a note in the risk register. Sustainability stops being advisory and becomes a decision structure. |
New in Materiality Dynamic Materiality What is material at project initiation shifts as conditions change. Version 4 introduces dynamic materiality — a structured mechanism for reassessing what matters as regulations, stakeholder expectations, and environmental conditions evolve during delivery. |
|
New in Positioning Regenerative Positioning Clarified Moving beyond harm reduction toward restoration is no longer treated as aspirational in Version 4. The guide clarifies what regeneration requires operationally: baseline data, measurable indicators, and monitored outcomes. No baseline, no claim. |
PMBOK® Alignment Aligned with PMBOK® Guide, 8th Edition Version 4 reinforces alignment with the principles-based structure of the PMBOK® Guide—Eighth Edition while preserving GPM’s distinct contribution. PRiSM operates within the PMBOK architecture — it does not replace it. |
How This Fits the PMI–GPM Ecosystem
The Practice Guide is the operational layer. Not the standard. Not the reporting guide.
|
P5™ Standard Defines the impact lens — what to assess across People, Planet, Prosperity, Process, Product. |
Practice Guide This document. Explains how to apply the GPM methodology within PRiSM across the full lifecycle. |
Reporting Guide Interprets project performance data for disclosure under GRI, ISSB, TCFD/IFRS S2, and SDG frameworks. |
Competence & Certification CSPP™ certification assesses foundational application of this methodology per the published syllabus. |
Four parts, fourteen chapters — from sustainability context to PRiSM delivery to governance and standards.
Setting the Standard
The PMI–GPM ecosystem is the only sustainability framework for project management with verified organizational disclosures, explicit framework mappings per impact element, a structured scoring model with governance safeguards, and free unrestricted access to all core documents.
|
|
GPM Global · Policy Document · Annual Review
GPM is committed to maintaining the highest ethical standards, fostering a culture of integrity, and ensuring a respectful, safe, and equitable environment for all stakeholders — including staff, credential holders, partners, and representatives. This policy outlines the procedures for reporting ethical violations, protecting whistleblowers, addressing conflicts of interest, and preventing harassment or discrimination.
Violations of the GPM Code of Ethics and Professional Conduct include, but are not limited to:
| Fraud, dishonesty, or misrepresentation. |
| Conflicts of interest that are not disclosed or managed appropriately. |
| Harassment, discrimination, or workplace misconduct. |
| Breaches of confidentiality or improper handling of sensitive information. |
| Actions that undermine GPM’s commitment to sustainability and ethical leadership. |
| Ethical violations must be reported through GPM’s confidential reporting channel (email, online form, or designated ethics officer). |
| Reports should include relevant details, supporting evidence if available, and any witnesses. |
| GPM will acknowledge receipt within five (5) business days and initiate a preliminary review. |
| An independent Ethics Committee will assess each report and determine the need for further investigation. |
| Investigations will be conducted fairly, confidentially, and without bias. |
| Individuals accused of violations will have an opportunity to respond before any action is taken. |
Based on the severity of the violation, the following actions may be taken:
| Individuals who report ethical concerns in good faith are protected from retaliation, including threats, demotions, or termination. |
| Any retaliation against a whistleblower will be treated as a serious ethical violation and is subject to disciplinary action. |
| Whistleblower identities will be kept confidential to the fullest extent possible. |
| Reports may be made anonymously if preferred. |
A conflict of interest arises when personal, financial, or professional interests interfere with the best interests of GPM. Examples include:
| A GPM representative receiving personal benefits from a vendor or partner. |
| A credential holder using GPM methodologies for personal financial gain without disclosure. |
| A staff member involved in decisions that benefit family members or close associates. |
| All potential conflicts must be disclosed to GPM leadership before taking any action. |
| A conflict resolution process will determine whether mitigation measures — such as recusal from decision-making — are necessary. |
| Failure to disclose a conflict of interest may result in disciplinary action. |
GPM prohibits any form of harassment, discrimination, or bullying, including but not limited to:
| Discrimination based on race, gender, sexual orientation, disability, religion, or any protected status. |
| Sexual harassment, including unwelcome advances or inappropriate comments. |
| Workplace bullying, intimidation, or retaliation. |
| Any individual experiencing or witnessing harassment should report the incident via GPM’s confidential reporting process. |
| Investigations will be impartial, confidential, and conducted promptly to ensure fair resolution. |
| If harassment is confirmed, corrective actions may include warnings, mandatory training, suspension, or termination. |
| Individuals subject to disciplinary action may appeal within ten (10) business days of receiving a formal decision. |
| Appeals will be reviewed by an independent ethics panel to ensure fairness. |
| The final decision will be communicated in writing. |
This policy will be reviewed annually to ensure compliance with evolving ethical and professional standards. Updates will be communicated to all affected stakeholders.
By engaging with GPM — whether as staff, a credential holder, or a representative — individuals acknowledge and agree to comply with this policy.
GPM Global · Ethics, Accountability, and Workplace Integrity Policy · Reviewed annually ·
GPM Global · Policy Document · Updated March 10, 2025
GPM is committed to delivering high-quality products and services. If you are not fully satisfied with your purchase, this policy explains your options, the timelines that apply, and how to contact us for assistance.
You may request a refund for eligible products within seven (7) days of purchase by contacting us at
| Refunds are processed within 5–10 business days of the original payment method being charged. |
| After seven (7) days, all sales are considered final and no refund will be issued. |
| Refund requests must include your name, order number, and the reason for the request. |
The following items are non-refundable under any circumstances:
Monthly GPM Ambassador subscriptions can be canceled at any time with no cancellation fee. To cancel your subscription:
Your subscription will remain active until the end of the current billing cycle. No further charges will be made after cancellation is confirmed.
If your product has not yet been downloaded, you may cancel your order by contacting us immediately at
For refund requests, cancellations, or questions about this policy, contact GPM directly:
| Address | GPM Global · 41502 Orianna Lane, Novi, MI 48385, USA |
| Support |
GPM Global · Refund and Cancellation Policy · Updated March 10, 2025
GPM Global · Policy Document · Updated March 9, 2025
Entities other than GPM and authorized users may not use any form of the GPM logo (“logo”) except to identify GPM products or services. Any use that falls outside of these specifications is strictly prohibited.
The logo consists of a stylized globe in blue, symbolizing global reach and sustainability. At the bottom of the globe, a green leaf represents environmental responsibility and regenerative practices. On the right-hand side of the globe, two curved orange circular lines add a dynamic element suggesting movement, innovation, and cyclical sustainability principles. The letters “GPM” appear in a stylized blue font integrated into the design. The color palette of blue, green, and orange conveys sustainability, stability, and energy.
Third parties are explicitly prohibited from using any form of the logo in products, product packaging, or other contexts that do not relate to GPM products or services. This includes, but is not limited to, the following:
| The logo may only be used with prior written permission and must not be misrepresented as a primary brand element on non-GPM materials. |
| No form of the logo may be imitated or used as a design feature in any manner. |
| No form of the logo may be used in a manner that would disparage GPM or its services. |
| The attribution clause “The GPM logo is a trademark of GPM” must accompany any use of any form of the logo. |
| No form of the logo, nor the GPM or Green Project Management™ name, may be used in any other organization name, product name, service name, domain name, website title, publication title, or similar designation. |
Prohibition on AI and Automated Systems
The GPM logo may not be used, reproduced, generated, or incorporated into any artificial intelligence system, machine learning model, training dataset, AI-generated output, or automated content generation tool — in any form, for any purpose — without prior written permission from GPM. This includes but is not limited to: use as training data, generation of logo variations by AI tools, incorporation into AI-generated marketing or promotional materials, and use in AI-powered design or branding platforms. Unauthorized AI use of the GPM logo will be treated as a violation of this policy and of applicable trademark law.
Non-GPM materials may not mimic any GPM advertising, product packaging, or website design without prior written permission from GPM.
Third parties may use a form of the logo without prior written permission only under the following circumstances:
| In a website, advertisement, or marketing collateral that references an explicit, accurate connection with GPM — for example, identifying themselves as a GPM Accredited Training Partner. |
| In an area of a website, advertisement, or marketing collateral exclusively dedicated to the promotion of GPM products or services. |
GPM reserves the right, in its sole discretion, to terminate or modify permission to display the logo at any time. GPM may request that third parties modify or delete any use of the logo that, in GPM’s sole judgment, does not comply with this policy or might otherwise impair GPM’s rights in the logo. GPM further reserves the right to object to unfair uses or misuses of its logo, trademarks, or other violations of applicable law.
GPM Global · Logo Use Policy · Updated March 9, 2025 ·
GPM Global · Policy Document · Updated March 9, 2025
This policy defines the appropriate use of GPM’s intellectual property (IP), including copyrighted materials, logos, non-registered trademarks, and USPTO-registered trademarks. The intent is to safeguard GPM’s brand integrity and ensure clear, consistent communication in alignment with its values.
Certain assets — including the PMI-GPM P5™ Standard for Sustainability in Project Management, the PMI-GPM Practice Guide for Sustainability in Project Management, the PRiSM™ methodology, and the Sustainability Management Plan (SMP) — are owned by or published through the PMI-GPM Joint Venture, in which GPM is an owner. These assets carry their own IP terms established by the Joint Venture. GPM’s own trademarks and copyrighted materials remain the exclusive property of GPM.
GPM retains full rights to its own published works, including but not limited to:
| GPM-authored books, reports, templates, and educational materials not published through the PMI-GPM Joint Venture. |
| GPM courses, online trainings, and certification programs — including digital learning modules, webinars, and instructor-led content. |
| GPM’s trademarks, certification names, and branding assets as listed in Section 4. |
The following assets are owned by or published through the PMI-GPM Joint Venture. GPM is an owner of the Joint Venture. Use of these materials is subject to the terms established by the Joint Venture, and inquiries regarding licensing or permissions for these assets should be directed to
| The PMI® GPM® P5™ Standard for Sustainability in Project Management |
| The PMI® GPM® Practice Guide for Sustainability in Project Management |
| The PRiSM™ (PRojects integrating Sustainable Methods) methodology |
| The Sustainability Management Plan (SMP) framework and associated templates |
| The GPM® Sustainability Competence Standard |
| The Project Sustainability Reporting Guide |
Third-party use of the GPM logo is governed by the GPM Logo Use Policy, which includes specific prohibitions on AI-generated reproduction or incorporation of the GPM logo into any automated system or dataset.
|
No Brand Mimicry Non-GPM materials must not replicate GPM’s or the PMI-GPM Joint Venture’s branding elements, including design patterns, color schemes, or visual identity. |
|
Reservation of Rights GPM may terminate permissions or licenses for misuse, including unauthorized resale of courses, unlicensed adaptations of publications, or unauthorized use of IP in AI systems or datasets. For PMI-GPM Joint Venture assets, both GPM and PMI reserve the right to enforce these protections. |
|
Legal Compliance Misuse of GPM’s USPTO-registered trademarks may result in legal action under the Lanham Act (15 U.S.C. § 1051 et seq.). Unauthorized use of GPM or PMI-GPM Joint Venture IP in AI systems may also give rise to claims under applicable copyright and trademark law. |
For permissions, licensing, or policy questions relating to GPM-owned or PMI-GPM Joint Venture assets:
Email:
GPM Global · Use of Intellectual Property Policy · Updated March 9, 2025
GPM Global · Policy Document · Updated April 15, 2026
Please read GPM’s Acceptable Use Policy (“AUP”) carefully before accessing any site operated by GPM or its affiliates.
All site contents are copyright © 2009–2026 GPM and/or its affiliates. All rights reserved. No portion of our sites may be reproduced, distributed, or transmitted in any form without prior written permission from GPM.
By accessing and using this website, you agree to comply with this AUP and all policies referenced within it. GPM reserves the right to update these terms at any time. Continued use of the site following any update constitutes acceptance of the revised terms. Violations may result in suspension of access, termination of account privileges, or legal action.
You are granted a limited, non-exclusive, non-transferable license to access and use materials from this site for non-commercial purposes within your organization. If you are a GPM Accredited Training Partner, this license extends to use within your clients’ organizations for the delivery of GPM-authorized training only.
| All copyright and proprietary notices must be retained in any copies made under this license. |
| This license does not permit commercial use, resale, redistribution, or sublicensing of any site content. |
| No rights are granted beyond those explicitly stated here. All other rights are reserved by GPM. |
| This license does not extend to use in artificial intelligence systems, machine learning models, training datasets, or automated content generation tools. See Section 10 for AI-specific restrictions. |
You must comply with all applicable local, national, and international laws and regulations when using this site, including U.S. export controls. GPM products are commercial items subject to restrictions under DFARS 252.227-7015 and FAR 52.227-19. You are responsible for ensuring your use of this site and its content complies with all laws applicable in your jurisdiction.
All trademarks, logos, and service marks displayed on this site are the property of GPM, the PMI-GPM Joint Venture, or their respective owners. Use of any mark without prior written consent from the owner is prohibited.
For full details on permitted and prohibited trademark use, refer to the GPM Logo Use Policy and the GPM Use of Intellectual Property Policy.
All site content is provided “as is” and “as available” without warranties of any kind, express or implied. GPM disclaims all warranties, including but not limited to implied warranties of merchantability, fitness for a particular purpose, and non-infringement.
GPM does not warrant that the site will be uninterrupted, error-free, or free of viruses or other harmful components. GPM is not liable for any direct, indirect, incidental, or consequential damages resulting from your use of this site or its content.
Some GPM products and services may not be available in all regions. Availability, pricing, and terms may vary by location. Contact your local GPM representative or
This site may contain links to third-party websites provided for convenience. GPM does not endorse, control, or assume responsibility for the content, accuracy, privacy practices, or availability of third-party sites. Accessing third-party sites is at your own risk and subject to their respective terms and policies.
Unauthorized access to restricted areas of this site is prohibited. The following conduct is expressly forbidden:
| Using this site for any unlawful, fraudulent, or abusive purpose. |
| Attempting to gain unauthorized access to any part of this site, its servers, or connected systems. |
| Scraping, crawling, or harvesting data from this site by automated means without written permission from GPM. |
| Transmitting viruses, malware, or any code designed to disrupt, damage, or gain unauthorized access to systems or data. |
| Using site content or data to train, fine-tune, or otherwise develop any artificial intelligence or machine learning system without prior written permission from GPM. |
| Impersonating GPM, its affiliates, partners, or any other person or organization. |
| Interfering with the proper functioning of this site or other users’ access to it. |
Your GPM account credentials are personal and must not be shared with others. You are responsible for maintaining the confidentiality of your login information and for all activities that occur under your account.
| Notify GPM immediately at |
| Failure to notify GPM of unauthorized access may result in liability for activities associated with your account during that period. |
| GPM will never ask for your password via email or any unsolicited communication. |
You may not reproduce, distribute, modify, or create derivative works from copyrighted materials on this site without prior written permission from GPM. This applies to all text, images, graphics, documents, standards, templates, course materials, and other content published on GPM-operated sites.
Prohibition on AI and Automated Systems
Content published on GPM-operated sites may not be used, scraped, crawled, reproduced, or incorporated into any artificial intelligence system, large language model, machine learning model, training dataset, AI-generated output, or automated content generation platform — in any form, for any purpose — without prior written permission from GPM. This prohibition applies to all GPM content and to assets of the PMI-GPM Joint Venture published on GPM sites. Violations will be treated as copyright infringement and may result in legal action.
If you believe content on this site infringes your copyright, you may submit a notice to GPM’s Designated Agent under the Digital Millennium Copyright Act (DMCA). Your notice must include:
| A physical or electronic signature of the copyright owner or an authorized representative. |
| Identification of the copyrighted work claimed to have been infringed. |
| Identification of the material on this site claimed to be infringing, with sufficient information to locate it. |
| Your contact information (name, address, telephone, and email). |
| A statement that you have a good faith belief that the use is not authorized by the copyright owner, its agent, or the law. |
| A statement, made under penalty of perjury, that the information in your notice is accurate and that you are the copyright owner or authorized to act on the owner’s behalf. |
Designated Agent — DMCA Notices
| Name | GPM — Legal Department |
| Address | 41502 Orianna Lane, Novi, MI 48385, USA |
GPM Global · Acceptable Use Policy · Updated March 9, 2025
GPM Global · Policy Document · Updated March 10, 2025
At GPM, protecting your privacy is a core commitment. This Privacy Policy explains how we collect, use, share, and safeguard your personal information when you visit our websites, use our services, or interact with us. By using our services, you agree to the terms of this Privacy Policy.
| Directly from you: When you sign up for services, download resources, make a purchase, contact us, or participate in surveys or training programs. |
| Automatically: Through cookies, server logs, and analytics tools when you visit our websites. See Section 3 for details. |
| From third parties: Business partners, service providers, certification bodies, and publicly available sources. |
We process your personal information on the following legal bases (as applicable under GDPR and equivalent laws):
Automated decision-making: GPM does not use your personal data for fully automated decision-making or profiling that produces legal or similarly significant effects.
We use cookies and similar technologies for the following purposes:
| Essential cookies: Required for the site to function. These cannot be disabled. |
| Analytics cookies: Analyze site traffic and user interactions to improve our services (e.g., Google Analytics). |
| Preference cookies: Remember your settings and preferences across sessions. |
Where required by law (including the EU ePrivacy Directive and GDPR), we obtain your consent before placing non-essential cookies. You can control cookie preferences through your browser settings or our cookie consent tool. Disabling non-essential cookies may limit certain functionality on our site.
We share your information only as described below. We do not sell your personal data to third parties.
We retain personal data only for as long as necessary for the purposes described in this policy. Our general retention practices are:
When data is no longer required, it is securely deleted or irreversibly anonymized.
| Access and Portability: Request a copy of the personal data we hold about you. |
| Correction: Request correction of inaccurate or incomplete data. |
| Deletion: Request deletion of your personal data, subject to legal retention obligations. |
| Opt-Out: Withdraw consent for marketing communications at any time using the unsubscribe link in any email or by contacting us directly. |
| Restrict or Object to Processing: Limit or oppose the use of your data for certain purposes. |
EU and UK residents have additional rights under the General Data Protection Regulation (GDPR) and UK GDPR, including the right to lodge a complaint with your national supervisory authority. GPM processes EU/UK personal data on the legal bases described in Section 2. Where required, GPM uses Standard Contractual Clauses to govern cross-border data transfers.
California residents have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), including:
| The right to know what personal information is collected, used, shared, or sold. |
| The right to correct inaccurate personal information. |
| The right to opt out of the sale or sharing of personal information (GPM does not sell personal data). |
| The right to limit the use and disclosure of sensitive personal information. |
| The right to non-discrimination for exercising your privacy rights. |
To exercise any of these rights, contact us at
We use administrative, technical, and physical safeguards to protect your personal data against unauthorized access, disclosure, alteration, or destruction. These include encryption of data in transit, access controls, and regular security reviews.
In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of it (where required by GDPR), and notify affected individuals without undue delay where the breach poses a high risk.
GPM operates globally. Your personal data may be transferred to and stored in countries outside your home country, including the United States. Where such transfers involve personal data from the EU or UK, GPM uses appropriate safeguards including Standard Contractual Clauses approved by the European Commission. For questions about specific transfer mechanisms, contact
Our services are intended for users aged 16 and older. We do not knowingly collect personal data from children under 16. If you believe we have inadvertently collected such data, please contact us at
GPM does not use personal data collected through this site to train, fine-tune, or otherwise develop artificial intelligence or machine learning models. GPM does not sell or license personal data to AI companies or data brokers.
Where GPM uses AI-assisted tools internally for operational purposes (such as customer service or content analysis), such tools are used subject to appropriate data processing agreements and do not result in automated decisions that produce legal or similarly significant effects on individuals.
We may update this Privacy Policy periodically to reflect changes in our practices, technologies, legal requirements, or other factors. Changes will be posted on this page with an updated effective date. Where changes are material, we will provide direct notice by email or prominent notice on our site before the changes take effect.
For any questions, concerns, or to exercise your privacy rights, contact GPM’s privacy team:
| Address | GPM Global · 41502 Orianna Lane, Novi, MI 48385, USA |
GPM Global · Privacy Policy · Updated March 10, 2025
GPM Global · Policy Document · Data Protection
Incorporating GDPR, UK GDPR, PIPEDA, and CCPA / CPRA Requirements
As a business and an employer, it is necessary for GPM Ltd. D.B.A. GPM Global and its subsidiaries and affiliates (collectively, “GPM” or the “Company”) to collect, store, and process personal data about our employees, contingent workers, customers, suppliers, and other third parties with whom we engage to provide products or services on our behalf.
This policy applies to all GPM employees, contingent workers, and third parties processing data on behalf of GPM. Unless specified, this policy applies in all countries in which GPM operates and/or conducts business.
This policy establishes GPM’s obligations under applicable data protection laws and provides a framework for compliance. It applies alongside GPM’s Privacy Policy, Acceptable Use Policy, and related data security standards. The purpose is to help all personnel comply with legal obligations and to enable individuals about whom GPM holds personal data to have confidence in how that data is handled.
Depending on the circumstances, GPM may act as a data controller or a data processor. As a data controller, GPM demonstrates compliance with Data Protection Laws by:
| Implementing policies that enable compliance, including this policy, document retention policies, data security standards, and public-facing privacy statements. |
| Communicating and training employees, contingent workers, and third parties acting on GPM’s behalf about data protection requirements. |
| Investigating instances of non-compliance and taking appropriate remedial and/or disciplinary action. |
| Investigating, remediating, and providing notification of Personal Data Incidents where required. |
| Conducting data protection impact assessments (DPIAs) where required for new types of processing activities. |
| Undertaking periodic internal audits of GPM’s data protection policies and procedures. |
| Considering data protection at the outset of new product development or processing activities (Privacy by Design). |
Any personal data that GPM processes, or that is processed on GPM’s behalf, must:
| Be processed fairly, lawfully, and in a transparent manner. |
| Be processed only for specified, explicit, and legitimate purposes. |
| Be relevant and limited to what is necessary for those legitimate purposes (data minimization). |
| Be accurate and kept up to date, with inaccurate data erased or rectified without delay. |
| Not be kept longer than is necessary to fulfil the purposes for which it was collected (storage limitation). |
| Be processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing, accidental loss, destruction, or damage. |
GPM may only process personal data where a lawful basis exists under Data Protection Laws. The grounds GPM relies upon are:
Special Category Data: Where GPM processes special category data, additional conditions apply. GPM will ensure that at least one of the following applies:
| Explicit consent from the data subject for one or more specified purposes. |
| Processing is necessary to carry out obligations under employment law, social security or social protection law, or a collective bargaining agreement. |
| Processing is necessary for preventive or occupational medicine or assessment of the working capacity of an employee. |
| Processing is necessary to protect the vital interests of the data subject or another person where the data subject cannot give consent. |
| Processing is necessary for establishing or defending legal claims. |
GPM maintains a central record of the types of personal data the Company collects and the purposes for which it is collected. GPM will only process personal data for the purposes recorded in that central record or for purposes specifically permitted by Data Protection Laws.
GPM will notify data subjects of the purposes for which their data is processed at the point of collection or, where not possible, as soon as reasonably practicable thereafter.
GPM will take all reasonable steps to erase, destroy, or amend inaccurate or out-of-date data without undue delay and, in any event, within one month of a data subject’s request (or up to three months where there are documented reasons why one month is not feasible).
| Paper records containing personal data must be shredded and disposed of securely when no longer required. No other disposal method is permitted. |
| Electronic personal data must be deleted in a manner that puts it beyond use. Where complete deletion is not technically possible, reasonable steps must be taken to ensure deletion to the fullest extent possible. |
| IT is responsible for destroying or erasing personal data from electronic equipment (laptops, desktops, company-owned mobile devices, and work data on personal devices used for business). |
GPM takes reasonable measures to ensure personal data remains secure and protected against unauthorized or unlawful processing, accidental loss, destruction, or damage. These measures include:
| Encrypting personal data where appropriate. |
| Ensuring the ongoing confidentiality, integrity, availability, and resilience of systems and services used to process personal data. |
| Ensuring the restoration of access to personal data in a timely manner in the event of a physical or technical incident. |
| Regularly testing, assessing, and evaluating the effectiveness of technical and organizational security measures. |
| Requiring third parties who process personal data on GPM’s behalf to do so under written instructions, under a duty of confidentiality, and with appropriate technical and organizational security measures in place. |
Data users must keep desks and filing systems clear of personal data when not in use, ensure screens displaying personal data are not visible to unauthorized individuals, and lock or log off computers when left unattended.
GPM does not use personal data collected from employees, customers, or third parties to train, fine-tune, or otherwise develop artificial intelligence or machine learning systems. GPM does not sell or license personal data to AI companies or data brokers.
Where AI-assisted tools are used internally for operational purposes, they are subject to appropriate data processing agreements. GPM does not engage in automated decision-making that produces legal or similarly significant effects on individuals without human review, in compliance with Article 22 of the GDPR.
A Personal Data Incident can occur in many ways, including:
| Loss or theft of a device or file containing personal data. |
| Human error, such as sending personal data to an unintended recipient or accidentally deleting or altering data. |
| Cyber-attack, including ransomware, phishing, malware, or unauthorized system access. |
| Unauthorized access to secure areas of GPM offices or systems. |
| Unforeseen circumstances such as fire, flood, or equipment failure. |
| Deception by a third party to obtain personal data from GPM. |
Signs that a Personal Data Incident may have occurred include unusual login activity, excessive system activity on active accounts, unusual remote access, the presence of spoof wireless networks, equipment failure, or detection of hardware or software key-loggers.
Immediate Reporting Required
Any person who becomes aware of or has reason to suspect a Personal Data Incident must immediately contact their direct manager and email
In the event of an actual or imminent Personal Data Incident, GPM will:
| Investigate the incident to determine its nature, cause, and extent of potential harm. |
| Implement steps to stop the incident from continuing or recurring and to limit harm to affected data subjects. |
| Notify relevant supervisory authorities within 72 hours of becoming aware of the incident where there is a risk to individuals’ rights and freedoms (as required by GDPR Article 33). |
| Notify affected data subjects without undue delay where the breach is likely to result in a high risk to their rights and freedoms. |
| Record information about the incident and all steps taken in response, including documented reasoning for decisions to notify or not notify. |
Under the GDPR and UK GDPR, GPM may only transfer personal data to countries outside the European Economic Area (EEA) or UK where there is an adequate level of protection or where GPM has implemented appropriate safeguards.
For transfers of personal data outside the EEA, GPM relies on Standard Contractual Clauses (SCCs) as approved under Commission Implementing Decision (EU) 2021/914 of 4 June 2021. For UK transfers, GPM uses the UK International Data Transfer Agreement or Addendum as appropriate.
GPM may also transfer personal data outside the EEA where:
| The data subject has given explicit informed consent to the transfer, having been informed of any risks. |
| The transfer is necessary to perform a contract with the data subject. |
| The transfer is necessary to protect the vital interests of the data subject where they cannot give consent. |
| The transfer is necessary for the establishment or defence of a legal claim. |
All entities within the GPM group must enter into an Intra-Group Data Transfer Agreement to ensure appropriate safeguards for intra-group transfers of personal data outside the EEA. Third parties who process personal data for or on behalf of GPM must enter into a data processing agreement with GPM that includes the required technical and organizational safeguards.
Where GPM processes personal data, data subjects may have the following rights under applicable Data Protection Laws:
GPM will respond to data subject requests within 30 days of receipt (extendable to 3 months where the request is complex or numerous, with notification to the data subject). GPM may need to verify the identity of the requester before processing the request. Data Subject Access Requests (DSARs) should be submitted to
Data protection must be considered during the development of new products, systems, or processing activities. GPM applies privacy by design principles to minimize personal data collection and embed appropriate safeguards from the outset.
A formal Data Protection Impact Assessment (DPIA) is required where processing is likely to result in a high risk to individuals’ rights and freedoms. If you believe a DPIA may be required, contact
GPM provides data protection training to all employees and contingent workers at onboarding and at regular intervals thereafter. Completion is mandatory. Failure to complete required training may result in disciplinary action.
For questions about this policy, to report a data protection concern, or to submit a Data Subject Access Request:
| Attention | Compliance Director, GPM Global |
| Address | 41592 Orianna Lane, Novi, MI 48375, USA |
GPM Global · Data Protection Policy (GDPR) ·
GPM Global · Code of Ethics
As GPM staff, Ambassadors, partners, and certificate holders, we recognize the importance of behaving ethically. Our Code of Ethics makes public the values to which we are committed and embodies the responsibilities we promise to uphold.
The following policies apply to GPM employees, contingent workers, partners, and third parties acting on GPM’s behalf. They establish the specific behavioral and operational standards that give effect to the commitments in the Code above.
Those subject to the Code must avoid any situation in which they have, or appear to have, an interest that conflicts with the best interests of GPM. Conflicts of interest can arise where a colleague or a member of their immediate family has a financial, employment, or other relationship that may have an adverse effect on GPM or that may unduly influence the colleague’s independent judgment for reasons of personal gain.
The following activities are considered conflicts of interest and require prior written approval from the President or their designee before proceeding:
| Competing, either directly or indirectly, with GPM. |
| Holding a direct or indirect interest in competitors, suppliers, or customers of GPM beyond non-substantial, passive ownership of securities. |
| Serving as an employee, consultant, officer, or director of, or receiving income from, any organization that does business with, seeks to do business with, or directly competes with GPM. |
| Engaging in non-GPM employment or consulting that may conflict with GPM’s business interests or prevent satisfactory performance of responsibilities to GPM. |
| Accepting gifts or entertainment from a person or organization that does business with GPM, except as permitted under the Gifts and Entertainment policy below. |
| Trading in the stock of any company or dealing for personal gain on the basis of material, non-public information learned through GPM employment. |
| Personally exploiting a corporate opportunity or receiving any personal benefit from a business transaction in which GPM engages. |
The exchange of gifts and entertainment can create improper influence, or the appearance of it, and must comply with this policy. “Gifts and entertainment” means anything of value, including loans, favorable product or service terms, prizes, vehicle use, tickets, gift certificates, vacation facilities, stocks, or other securities. Entertainment is treated as a gift when the giver or their representative will not accompany you to the event.
| Meals: Modest, occasional meals with business contacts. |
| Entertainment: Occasional attendance at ordinary sports, theater, and cultural events. |
| Gifts: Nominal items such as pens, calendars, or small promotional materials. |
| Any gift or entertainment that would be illegal. |
| Any payment or offer of value to a foreign official, political party, or candidate for foreign political office to induce misuse of their position. |
| Gifts or entertainment involving parties in a tender or competitive bidding process. |
| Any gift of cash or cash equivalent (gift certificates, loans, negotiable instruments). |
| Any gift or entertainment paid for personally to avoid the approval process. |
| Any entertainment that is indecent, sexually oriented, or likely to adversely affect GPM’s reputation. |
Approval from your manager or a Strategic Leadership Team member is required for:
| Entertainment exceeding $150 USD or equivalent per person. |
| Gifts valued at more than $100 USD or equivalent. |
| Lavish meals exceeding $150 USD or equivalent per person. |
| Special events such as major sporting or entertainment events typically valued above $150 USD. |
| Travel or overnight accommodation. |
Entertainment valued above $500 USD or gifts over $250 USD require approval from the GPM President. If a gift exceeding a monetary limit cannot be declined without causing offense, it must be reported to management for a disposition decision. Cash gifts must be returned immediately.
GPM operates under applicable anti-corruption laws including the OECD Convention on Combating Bribery of Foreign Public Officials, the US Foreign Corrupt Practices Act (FCPA), the International Travel Act, the UK Bribery Act, and Canada’s Corruption of Foreign Public Officials Act (COFPA).
GPM prohibits paying, offering to pay, promising to pay, or authorizing the payment of money or anything of value — directly or indirectly — to any government official or private sector customer to secure an improper business advantage. Soliciting or accepting a bribe is equally prohibited. Colleagues may not knowingly facilitate or assist government officials or private sector clients in violating any law.
No GPM colleague or third party will ever suffer adverse consequences for refusing to pay a bribe or for refusing to engage in corrupt behavior, even if GPM loses business as a result of that refusal.
GPM is legally responsible for corrupt actions by third parties contracted to represent or perform services on its behalf. Due diligence must be conducted before contracting with any third party. GPM’s Due Diligence Questionnaire must be completed and reviewed with the Compliance Director if the third party will join GPM’s Partner Plus Program, serve as a system integrator or contracting partner on a government project or tender, or scores 5 or higher on the Third Party Risk Matrix.
The following characteristics, while not automatically disqualifying, warrant careful scrutiny:
| Operating in a high-risk country as defined in the Third Party Risk Matrix. |
| A reputation for improper, illegal, or unethical conduct. |
| Refusal to provide requested information during the due diligence process. |
| Refusal to provide assurances of compliance with anti-corruption laws or to execute a written contract. |
| Unusually high rates or fees compared to market rates. |
| Unusual payment requests, including cash payments, advance payments, or deposits to offshore accounts. |
| Direct family or business ties to a government official or agency. |
| Large or frequent political contributions. |
| Suggestions that payments are needed to “get the business.” |
For direct and indirect suppliers, additional due diligence requirements may apply depending on the type of service or product provided. This may include assessment of information security controls, data privacy protections, and regulatory compliance. An assessment may also be required to determine whether a new third-party service or product is necessary given GPM’s existing business relationships.
GPM conducts business in compliance with all competition laws. The following are strictly prohibited:
| Any agreement or arrangement with a competitor relating to pricing, bids, discounts, terms of sale, costs, or profits. GPM independently determines the prices for its products and services. |
| Any agreement with a competitor to allocate customers, markets, or control production or availability of products or services. |
| Any agreement with a competitor to limit business or refrain from doing business with a particular company. |
Colleagues who arrange, approve, or effect any export or import of products, services, or information must ensure the transaction complies with all applicable legal requirements and that documentation and record-keeping requirements are satisfied. Contact
GPM complies with laws preventing US companies from being used to implement foreign boycott policies that run counter to US policy. GPM may not refuse to do business with any boycotted country, business, national, or person due to an unsanctioned foreign boycott. US regulations require reporting of any boycott request received, even if GPM does not comply or the request is withdrawn. Any boycott-related request must be reported immediately to
Colleagues must protect the confidentiality of GPM’s proprietary information and confidential information received from third parties. Confidential information may only be disclosed where there is a clear business need and the recipient has signed an appropriate nondisclosure agreement. All information disclosed under such an agreement must be clearly marked as “confidential.”
GPM confidential information includes any information not intended for public disclosure or that has economic value to GPM, such as:
| Business processes, strategies, and product roadmaps. |
| Financial documents and projections. |
| Customer lists and personally identifiable information. |
| Source code and unpublished patent applications. |
| Project documents and new product or service introduction plans. |
GPM maintains accounting, reporting, and auditing controls to protect its assets and ensure the accuracy of its financial records. All colleagues are responsible for keeping accurate accounts and records, and must:
| Not allow the establishment of any undisclosed or unrecorded funds or assets. |
| Ensure all documentation accurately states the purpose for which funds are disbursed. |
| Decline to authorize payments with intent or belief that any part will be used for a purpose other than described in supporting documentation. |
| Follow all generally accepted accounting principles and applicable laws. |
| Report any accounting or bookkeeping violations immediately upon discovery to |
GPM is subject to enhanced requirements for processing personal data under the GDPR and other applicable laws. Personal data is any information that can identify a living individual, directly or indirectly, including names, addresses, identification numbers, location data, online identifiers, and factors specific to an individual’s physical, physiological, genetic, mental, economic, cultural, or social identity.
If you are responsible for developing new GPM products or services, data protection must be considered at the outset of development. Appropriate technical and organizational safeguards must be built in regardless of whether the product is on-premise or cloud-based. Contact
Full details are set out in the GPM Privacy Policy and GPM Data Protection Policy, both available on gpm.org.
GPM has designated spokespeople who may formally represent the Company in the media, with analysts, and on public forums. Colleagues engaging in personal social media or other online activities are responsible for acting professionally and ethically when referring to GPM or information related to their employment.
Colleagues are prohibited from posting discriminatory, harassing, or threatening content, or from divulging non-public, sensitive information about GPM that is financial, legal, or operational in nature, or that contains customer or other data governed by GPM’s data protection policies.
GPM is committed to a working environment in which all individuals are treated with respect and dignity. Everyone has the right to a professional atmosphere that promotes equal employment opportunities and prohibits discrimination and harassment. GPM adheres to all applicable labor and employment laws in every country where it operates.
Behaviors that may constitute discrimination include, but are not limited to:
| Applying expectations differently among colleagues. |
| Yielding to internalized stereotypes. |
| Excluding, interrupting, or providing less support to a colleague, including through non-verbal behaviors. |
| Engaging in patronizing or paternalistic conduct. |
| Dismissing the contributions of a colleague. |
GPM maintains a workplace free from threats and acts of violence. Colleagues, contractors, and vendors are prohibited from making threats or engaging in aggressive or violent activities, including bullying, stalking, intimidation, physical attacks, and property damage. The possession of weapons while conducting Company business or at any Company-sponsored function is strictly prohibited.
GPM prohibits colleagues and contractors from:
| The use, possession, solicitation, or sale of illegal drugs, alcohol, or prescription medication without a valid prescription on Company or customer premises or while performing a GPM assignment. |
| The presence of any detectable amount of prohibited substances while at work, on Company or customer premises, or while on Company business. |
| Being impaired or under the influence of legal or illegal substances while away from Company premises if it adversely affects work performance, the safety of others, or GPM’s reputation. |
Colleagues should report suspected impairment in the workplace. Note that similar signs may result from medical conditions, prescribed medications, psychological factors, or fatigue — report the concern and allow the Company to conduct an independent assessment.
GPM is committed to high-quality standards for its products and services through a culture of continuous improvement. GPM is audited annually to ISO 9001:2015 standards, and cross-functional teams work continuously to monitor quality indicators and improve operational practices.
GPM operates an Environmental Management System (EMS) audited annually to ISO 14001:2015, ensuring adherence to applicable environmental standards and setting goals for continuous environmental improvement.
All colleagues must be conscious of safety risks and take reasonable steps to mitigate them. Hazards and safety concerns should be reported to managers promptly so GPM can maintain a safe and efficient workplace.
Serious concerns of wrongdoing or danger must be reported. This includes actions that:
| Are unlawful. |
| Are not in line with company policy, including this Code of Ethics. |
| May lead to incorrect financial reporting. |
| Otherwise amount to serious improper conduct. |
Concerns may be reported directly to management or to GPM at
GPM will not tolerate harassment or victimization of any individual based on knowledge or suspicion that they have reported a concern, whether to GPM directly, to management, or through the confidential reporting channel. If you believe you have been retaliated against for raising a concern in good faith, report it immediately to your manager or to
Failure to comply with the provisions of this Code of Ethics may result in disciplinary action, up to and including termination of employment or credential revocation, depending on the nature of the violation and the individual’s relationship with GPM.
For questions about the Code of Ethics or to report a concern:
Email:
GPM Global · Code of Ethics ·
GPM Global · Policy Statement · Updated March 12, 2025
See also: GPM Digital Sustainability Policy
GPM applies artificial intelligence tools selectively, within defined boundaries, and subject to governance controls. This statement describes how GPM uses AI, what it prohibits, and how AI-related decisions are reviewed. It applies to GPM staff, partners, Accredited Training Partners, certificate holders, and third parties acting on GPM’s behalf.
Where GPM deploys AI tools internally, use is limited to operational purposes under the following conditions:
| AI tools are selected and deployed subject to review for alignment with GPM’s data privacy obligations, including GDPR and applicable data protection laws. |
| Third-party AI service providers processing personal data on GPM’s behalf are required to operate under data processing agreements with appropriate technical and organizational safeguards. |
| GPM does not use personal data collected from employees, customers, or third parties to train, fine-tune, or otherwise develop AI or machine learning systems. |
| GPM does not engage in fully automated decision-making that produces legal or similarly significant effects on individuals without human review, consistent with Article 22 of the GDPR. |
| AI-generated content used in GPM publications, training materials, or communications is reviewed and verified by qualified personnel before distribution. |
The following uses of AI are prohibited in relation to GPM, the PMI-GPM Joint Venture, and their respective intellectual property:
| Using GPM or PMI-GPM Joint Venture content — including standards, guides, course materials, templates, or website content — to train, fine-tune, or otherwise develop any AI or machine learning model, without prior written permission. |
| Reproducing or generating the GPM logo, GPM trademarks, or PMI-GPM Joint Venture marks using AI tools, automated design platforms, or image generation systems. |
| Scraping or harvesting GPM website content, certification data, or personal data from GPM systems using automated tools or AI-powered extraction methods. |
| Using AI tools to impersonate GPM, its staff, its certification holders, or the PMI-GPM Joint Venture in any format or channel. |
| Selling or licensing GPM or PMI-GPM Joint Venture content to AI companies, data brokers, or any third party for the purpose of AI development or training. |
These prohibitions are reflected in and enforceable under the GPM Acceptable Use Policy, Use of Intellectual Property Policy, Logo Use Policy, and Privacy Policy. Violations may give rise to legal action under applicable copyright and trademark law.
| Disclosure: GPM discloses its use of AI tools in contexts where that use is material to the products or services being delivered. |
| Human review: Decisions affecting individuals — including certification outcomes, access decisions, and communications — are subject to human review and are not delegated to automated systems without appropriate oversight. |
| Accuracy: GPM does not rely on AI-generated content as a primary or unverified source for technical standards, policy positions, or certification requirements. |
| Non-discrimination: AI tools used by GPM are assessed for bias and discriminatory outputs before deployment, and are reviewed on an ongoing basis. |
GPM does not sell or license personal data to AI companies or data brokers. Personal data processed in connection with GPM services is used only for the purposes disclosed in the GPM Privacy Policy and Data Protection Policy, and is not used to develop, train, or improve AI systems operated by GPM or by third parties.
Where AI tools process personal data on GPM’s behalf, GPM ensures that appropriate data processing agreements are in place and that the tools meet the security and privacy standards required by applicable law.
GPM reviews its AI-related practices annually alongside its broader sustainability and governance disclosures. This review considers changes in applicable law, developments in AI capabilities and risk, and feedback from stakeholders. Updates to this statement are posted on gpm.org with a revised effective date.
For questions about GPM’s AI practices, to report a concern, or to request information about specific AI tools used in GPM products or services:
Email:
GPM Global · Commitment to Responsible AI Use · Updated March 12, 2025
Making projects sustainable on a global scale since 2009.
© 2009–2025 GPM Global. All rights reserved.
Green Project Management® and GPM® are registered trademarks of GPM Global.
Sustainable Project Management™ is a trademark of GPM Global for training and professional development in project management.
PRiSM™, The GPM P5™ Standard for Sustainability in Project Management, GPM-b™, GPM-m™, PSM3™, and GPM360º™ are trademarks of GPM Global and may be used only with written consent.
