Safe

Security

Zemp Business Solutions is certified with all the crucial security standards and certifications

Zemp Business Solutions is compliant and certified with several important security standards. Zemp Business Solutions is meeting the information security standard and requirements for companies dealing with credit cards which are stipulated in the Payment Card Industry Data Security Standard (PCI DSS). This standard looks to increase the security controls around cardholder data hence reducing credit card fraud. Moreover, Zemp Business Solutions is compliant with data protection regulations introduced in 2018 across all Europe the General Data Protection Regulation (GDPR) who’s main aim is to apply optimum security controls with regards to Personal Identifying information PII.

 

Zemp Business Solutions Network Security Infrastructure

We boast with a fault tolerant, highly available and a secure network infrastructure which is a major milestone in our security posture. A strong, up to date firewall is implemented on the network layer with up to date configurations to prevent unauthorized access in to the network. Moreover, we have implemented an Intrusion Detection System (IDS) particularly Network Intrusion Detection System NIDS which monitors the network and flags any malicious activity. The NIDS also monitors any kind of policy violation and guidelines set and reports any incident to our CISO (Chief Information Security Officer). Frequent audits are also conducted which are comprehensive and cover the following important basics:

  • Asset identification for categorizing all the critical assets for protection.
  • A risk assessment is then done on the critical assets to probe for any potential security weakness and provide an apt fix.

Review all the existing security policies and measure their effectiveness. Sensitive policies such as BYOD are monitored and adhered to closely.

Organizational security guidelines and conformities

We have several procedures which aim at achieving data privacy and protection and information security:

  • We conduct and implement a robust organization- wide cyber security awareness program which equips all the staff with the recent cutting age security best practices since security is not only technical but is also people. This program is reinforced on a regular basis. Employees are made aware that a security posture’s first line of defense against attacks is controls and how they are applied to ensure privacy and protection. Then they are educated on the second line of defense which Is detection and recognition of threats models and understanding how the threat landscape keeps changing. Attacks such as phishing attacks which are rampant among employees are dealt with. The employees are then educated on the last and the most crucial line of defense in our security posture which is the employees themselves and how they can be fully aware of all relevant security standards and guidelines so as minimize the chance of them being the weakest link.
  • User access privilege is another key area well addressed in our company. This gives all employees the least or minimum access to the network resources needed for them to perform their tasks. This is paramount given the alarming rise of insider attacks hence every user account on our network has least privilege. All our crucial network assets and hardware are isolated to a strictly limited access which ensures the chances of losing or unauthorized access to data are minimal.
  • In order to minimize unauthorized access to company data, session management and strong user passwords policies are implemented on all individual user workstation.
  • Our software security and management practices are top level. Firstly, we have a vigorous patch management system which applies every patch ASAP in case of occurrence of a security flaw incident. This means that our software defenses are strong and protected even from zero-day attacks. Additionally, we offer end to end encryption of all data being transmitted within our application. This is also tested and by conducting security audits and penetration testing so as to harden our application security posture. Strong passwords which can be used to access the system are hashed to prevent brute forcing. Added security layers in our application include a two – factor authentication procedure.
  • ZEMPCENTER is hosted on Amazon Web Services which is a cloud computing service provider. AWS is a reliable service provider guaranteeing availability, confidentiality, scalability and redundancies which are key concerns on our part. AWS provides compliance reports on System and Organizational Controls SOC made available in the AWS artifact which makes it easy to audit and conduct assessments for surety of compliance to all set standards. S
  • We strive to ensure a seamless correlation with our merchants who act as our service providers. This enables us to better manage and implement vendor security by applying all the relevant security requirements within our contracts and conducting regular audits and risk assessments.