Effective Date: 10/12/24

CorkVeste Ltd. (“CorkVeste”, “we”, “us”, or “our”) is committed to protecting the security and confidentiality of the information provided by our clients, partners, and users. This Security Policy outlines the measures we take to safeguard data from unauthorized access, loss, misuse, and other security threats. Our goal is to ensure that all sensitive information handled by CorkVeste is protected to the highest standards in line with industry best practices.

1. Scope and Purpose

This Security Policy applies to all CorkVeste systems, applications, processes, and personnel involved in the collection, storage, processing, or transmission of data on behalf of our clients and business operations. The purpose of this policy is to:

  • Ensure the confidentiality, integrity, and availability of sensitive data.
  • Protect CorkVeste’s information technology systems from unauthorized access and cyber threats.
  • Maintain compliance with applicable data protection laws and industry standards.
  • Provide a clear framework for addressing security incidents and breaches.

2. Data Security Principles

CorkVeste adheres to the following key principles in ensuring data security:

  • Confidentiality: Protecting personal, financial, and sensitive information from unauthorized access or disclosure.
  • Integrity: Ensuring the accuracy, completeness, and reliability of the information.
  • Availability: Ensuring that information and systems are accessible and functional when needed by authorized users.

3. Data Encryption and Protection

3.1. Encryption in Transit and at Rest:

  • All sensitive data transmitted over the internet is encrypted using strong encryption protocols (e.g., TLS/SSL) to prevent unauthorized interception.
  • Data stored in CorkVeste’s systems is encrypted using industry-standard encryption methods, such as AES (Advanced Encryption Standard), to ensure that it is protected from unauthorized access.

3.2. Encryption Keys:

  • Encryption keys used for protecting data are managed and stored securely in an isolated and highly protected environment.
  • Key management practices follow best practices to ensure that keys are rotated regularly and access is strictly controlled.

4. Access Control

4.1. Role-Based Access Control (RBAC):

  • CorkVeste employs a role-based access control system to ensure that only authorized personnel have access to sensitive data and systems based on their roles and responsibilities.
  • Access is granted based on the principle of least privilege, meaning users are only given access to the data and systems necessary for their tasks.

4.2. Authentication Mechanisms:

  • Multi-factor authentication (MFA) is required for accessing CorkVeste’s systems and applications. This provides an additional layer of security to verify the identity of users.
  • Strong password policies are enforced, requiring users to create complex passwords that are regularly updated.

4.3. User and Access Review:

  • Regular reviews of user accounts and access privileges are conducted to ensure that access is up to date and appropriate.
  • Immediate revocation of access is implemented for users who no longer require access to systems or who leave the organization.

5. Network Security

5.1. Firewall Protection:

  • CorkVeste’s internal and external networks are protected by firewalls that filter and monitor incoming and outgoing traffic to prevent unauthorized access.
  • Firewalls are regularly updated and configured to block known vulnerabilities and threats.

5.2. Intrusion Detection and Prevention Systems (IDPS):

  • Intrusion detection and prevention systems are implemented to continuously monitor for suspicious activity or potential security breaches within our network.
  • Alerts are triggered for any unusual or unauthorized activity, and immediate action is taken to investigate and mitigate threats.

5.3. Virtual Private Network (VPN):

  • VPNs are used to securely connect remote employees, partners, and clients to CorkVeste’s internal network, ensuring that sensitive data is encrypted during transit.

6. Physical Security

6.1. Data Center Security:

  • CorkVeste’s data centers are located in secure facilities with strict physical security controls, including surveillance, access logs, and restricted access to authorized personnel.
  • Data center staff undergo regular security training, and visitor access is controlled and monitored.

6.2. Device Management:

  • Employees and contractors are required to use company-issued devices that are secured and managed by CorkVeste’s IT department.
  • All devices used to access CorkVeste systems are subject to security configurations, including device encryption, anti-malware software, and secure login credentials.

7. Incident Response and Management

7.1. Incident Response Plan:

  • CorkVeste has developed and maintains a comprehensive Incident Response Plan (IRP) to address potential security breaches, data loss, or cyberattacks.
  • The IRP outlines clear roles and responsibilities, procedures for identifying, containing, and mitigating threats, and communication protocols with internal and external stakeholders.

7.2. Incident Detection and Reporting:

  • All employees are trained to identify and report security incidents or suspicious activities promptly.
  • We have implemented security monitoring tools to detect potential incidents in real time, including unauthorized access attempts, malware infections, and phishing attacks.

7.3. Breach Notification:

  • In the event of a data breach that compromises client or user data, CorkVeste will notify affected parties promptly, in accordance with applicable laws and regulations.
  • Notifications will include a description of the breach, the types of data affected, the actions taken to mitigate the breach, and recommendations for safeguarding against further risks.

8. Data Retention and Disposal

8.1. Data Retention:

  • CorkVeste retains client data only for as long as necessary to fulfill the purpose for which it was collected, and in accordance with regulatory requirements.
  • Regular reviews are conducted to ensure that obsolete or unnecessary data is securely deleted or anonymized.

8.2. Data Disposal:

  • When data is no longer required, it is securely destroyed using methods that ensure complete and irreversible deletion, including the shredding of physical documents and the wiping of digital media.

9. Compliance with Legal and Regulatory Requirements

9.1. Regulatory Compliance:

  • CorkVeste complies with relevant laws, regulations, and industry standards regarding data protection and security, including but not limited to the General Data Protection Regulation (GDPR), the Payment Card Industry Data Security Standard (PCI DSS), and the relevant local laws in jurisdictions where we operate.

9.2. Third-Party Vendor Security:

  • CorkVeste ensures that third-party vendors who process sensitive data on our behalf adhere to appropriate security practices.
  • Contracts with third-party vendors include security requirements, and we conduct regular security audits of these vendors to ensure compliance.

10. Employee Training and Awareness

10.1. Security Training:

  • All CorkVeste employees undergo regular security training to ensure they are aware of potential risks and the necessary steps to maintain security in their daily operations.
  • Security training includes topics such as phishing awareness, secure password management, and how to handle sensitive data securely.

10.2. Ongoing Security Awareness:

  • CorkVeste fosters a culture of security awareness through ongoing communication about new threats, security updates, and best practices for safeguarding client and organizational data.

11. Third-Party Services and Integrations

11.1. Security Assessments of Third-Party Services:

  • Any third-party services integrated with CorkVeste’s platform, including payment processors, investment partners, or external data storage providers, are thoroughly vetted to ensure they meet our stringent security standards.

11.2. Security of Third-Party APIs:

  • APIs used for integrations with third-party services are secured using industry-standard authentication and encryption methods to ensure the confidentiality and integrity of data transmitted between systems.

12. Security Monitoring and Audits

12.1. Continuous Monitoring:

  • CorkVeste utilizes continuous monitoring tools and techniques to detect and respond to security threats across its infrastructure, applications, and systems.
  • Logs of system activity are maintained and regularly reviewed to identify any unusual or unauthorized activity.

12.2. Regular Security Audits:

  • Periodic security audits and vulnerability assessments are conducted to ensure that CorkVeste’s security practices are up to date and effective in mitigating risks.
  • Audits are carried out by both internal teams and third-party security experts.

13. Changes to This Security Policy

CorkVeste reserves the right to modify or update this Security Policy at any time. Any changes will be communicated to affected parties, and the updated policy will be posted on our website. We encourage all clients and partners to review this policy regularly to stay informed of any updates.

14. Contact Information

If you have any questions or concerns regarding this Security Policy or our security practices, please contact us at:

CorkVeste Investment Limited.
No. 4A
Lukasu Road
Rhodespark
Lusaka, Zambia

Email: hello@Veste.money