Security and Compliance Policy

Effective Date: 1 February 2018

Last Updated: 21 August 2024


Introduction

This Security and Compliance Policy outlines the measures and protocols implemented by Custom Apps SA (“we,” “us,” “our”) to ensure the protection of data, secure operation of our systems, and compliance with applicable laws and regulations. This policy is intended to work in conjunction with our Legal Notice, Privacy Notice, and Terms and Conditions.


Data Protection and Privacy

We are committed to protecting the privacy and security of personal information processed through our website and systems. Our data protection practices are in full compliance with the Protection of Personal Information Act (POPIA) and other relevant regulations.

– Data Collection: Personal data is collected only with explicit consent and is limited to what is necessary for the specific purpose for which it is collected.

– Data Storage: Personal data is stored securely and is encrypted both at rest, using industry-standard methods (e.g., AES-256), and in transit, using TLS.

– Data Access: Access to personal data is restricted to authorized personnel only, and is protected by role-based access controls and multi-factor authentication.

– Data Retention: Personal data is retained only for as long as necessary to fulfill the purpose for which it was collected, or as required by law.

– Data Deletion: Upon request, personal data will be deleted securely, in compliance with legal and regulatory requirements.


User Authentication and Access Control

To prevent unauthorized access to our systems, we have implemented robust user authentication and access control mechanisms:

– Authentication: Users must authenticate using a unique username and password, with optional multi-factor authentication for added security.

– Access Control: User permissions are granted based on roles, with access to sensitive data and administrative functions restricted to authorized personnel.

– Session Management: User sessions are monitored and logged, with automatic timeouts after periods of inactivity to prevent unauthorized access.


Encryption Standards

We use advanced encryption technologies to safeguard data:

– Data in Transit: All data transmitted between users and our systems is encrypted using TLS (Transport Layer Security) protocols.

– Data at Rest: Sensitive data stored on our servers is encrypted using AES-256 or equivalent encryption standards.

– Key Management: Encryption keys are managed securely, with access restricted to authorized personnel and automated systems.


Monitoring and Audit Trails

We continuously monitor our systems to detect and respond to potential security incidents:

– Audit Logs: All access to systems and data is logged, creating a comprehensive audit trail that is regularly reviewed to detect any unauthorized activities.

– Security Monitoring: We use automated tools to monitor our systems for vulnerabilities, unusual activities, and potential security threats.


Incident Response and Breach Notification

In the event of a security incident or data breach, we have established protocols to respond promptly:

– Incident Response Team: We have a dedicated team responsible for investigating and responding to security incidents.

– Breach Notification: If a data breach occurs, affected users will be notified in accordance with legal requirements, including the nature of the breach, the data involved, and any steps users should take to protect themselves.

– Mitigation: We will take immediate steps to mitigate the effects of any breach and prevent future occurrences.


Compliance with Legal and Regulatory Requirements

We adhere to all applicable laws and regulations regarding data security and privacy:

– POPIA Compliance: Our data practices comply with the Protection of Personal Information Act (POPIA) and other relevant regulations.

– Jurisdiction: This policy is governed by the laws of the Republic of South Africa, with jurisdiction in Westville, KwaZulu-Natal.

– Arbitration: Any disputes arising from this policy will be resolved through arbitration in accordance with the rules of the Arbitration Foundation of Southern Africa.


Third-Party Services and Interactions

We work with third-party service providers to enhance our services, and we ensure that they adhere to our security standards:

– Vendor Management: All third-party vendors are subject to rigorous security assessments before engagement.

– Data Sharing: Data shared with third parties is limited to what is necessary for the service provided, and is encrypted and protected by contractual agreements.

– Regular Audits: We regularly audit third-party vendors to ensure ongoing compliance with our security and compliance requirements.


Continuous Improvement

We are committed to continuous improvement of our security practices:

– Security Reviews: We conduct regular security reviews and update this policy as necessary to address new threats and vulnerabilities.

– Employee Training: Our staff receive ongoing training on data protection, security practices, and compliance with this policy.


Contact Information

If you have any questions or concerns regarding this Security and Compliance Policy, please contact us at:

Custom Apps SA (Pty) Ltd

2 Ncondo Place

Umhlanga Ridge

4319

info@customappssa.co.za

031 830 5329