Our security practice
Whilst we have a wonderful information security policy, which is subject to continuous, systematic review and improvement and forms the core of our ISO27001:2013 aligned information security management system (ISMS), it is fairly dry reading. The purpose of this document is therefore to convey our commitment to preserving the confidentiality, integrity and availability of all our physical and electronic information assets, without boring you to tears.
We know how important information security is to our customers, and it is equally important to us. Quality processes that are repeatable, auditable and efficient are key to our success as a business, and below are some of the security practice highlights we believe will give you confidence in our ability to provide secure, trustworthy Insights.
Security savvy people
This means that management, all full-time or part-time staff, sub-contractors, project consultants and any external parties have, and will be made aware of, their responsibilities (which are defined in their job descriptions or contracts) to preserve information security and to report any security incident or activity that causes, or may cause, a breakdown in the availability, confidentiality or integrity of the physical or electronic information assets of KZN Group. All staff will receive information security awareness training, and more specialised staff will receive appropriately specialised information security training.
Having a strategy
KZN Group’s current strategic business plan and risk management framework provide the context for identifying, assessing, evaluating and controlling information-related risks through the establishment and maintenance of an ISMS. The ISMS is intended to be an enabling mechanism for information sharing, for electronic operations and for reducing information-related risks to acceptable levels. Information and information security requirements will continue to be aligned with KZN Group’s goals and are subject to the ISMS.
Find partners who view security in the same way
We are partnering with the likes of Amazon Web Services, Accelops, Atlassian, Freshdesk and OpsGenie, who are some of the most respected names in the industry when it comes to data security. For example, our production workloads are hosted in Amazon’s AWS data centres. They’ve devoted an entire portion of their site to explaining their security measures, which you can find here: https://aws.amazon.com/compliance/.
Across all we do
We also keep abreast of industry best practices and ensure we are in accordance with changes and updates. We have policies on encrypting data in transit and at rest, on the storing of passwords and credentials, on data retention and on data classification.
We believe in least-privilege access: information and associated assets should only be accessible to authorised users when required, and only to a level that allows them to carry out their intended function.
The computer network is resilient, and we have put technology and processes in place to give us the best chance of detecting and responding rapidly to incidents (such as viruses and other malware) that may threaten the availability, confidentiality and integrity of systems and information.
Don’t take our word for it
To validate that we are in fact adhering to our policies and following best practice, we engage with external security firms who perform regular audits of KZN Group’s systems and provide an independent review of our practices and current security posture.
Found a bug?
If you happen to be working with one of KZN’s systems and believe you have found a security vulnerability, we encourage you to let us know right away by emailing email@example.com. We will investigate all legitimate reports and do our best to quickly fix the problem. We might ask for your guidance in identifying or replicating the issue and in understanding any means of resolving the threat right away.
If you have additional questions regarding data privacy, security or confidentiality, we’d be happy to answer them. Please write to firstname.lastname@example.org and we’ll respond as quickly as we can. In the meantime we will continue to be proactive, vigilant and diligent in all we do.