Security Policy
We are committed to maintaining the confidentiality, integrity, and availability of information systems and data. Our security practices are aligned with South African legislation, including the Cybercrimes Act, No. 19 of 2020, POPIA, and the National Cybersecurity Policy Framework (NCPF).
We implement a layered security approach, which includes but is not limited to:
-
Multi-factor authentication (MFA) for access control
-
Encryption of data both at rest and in transit
-
Firewall protection and intrusion detection/prevention systems
-
Endpoint protection, antivirus, and anti-malware tools
-
Secure software development practices and source code review
-
Physical security for infrastructure and data centers
We conduct regular vulnerability assessments and penetration tests to ensure the effectiveness of our security controls. In the event of a data breach, we adhere to Section 22 of POPIA, which outlines mandatory breach notification procedures to affected parties and the Information Regulator.
We also provide regular cybersecurity awareness training to employees to ensure that human factors do not compromise our information security posture.