TRUST & SECURITY
Information Security Policy
Kuza ERP is committed to safeguarding customer information and maintaining a secure platform. This policy outlines how we protect data, manage risks, and uphold confidentiality, integrity, and availability.
Last updated: March 18, 2026
1. Purpose and Scope
This policy applies to Kuza ERP systems, infrastructure, employees, contractors, and partners that process or access customer or company information. It covers all environments including production, development, and support operations.
2. Security Principles
- Protect data confidentiality through strict access controls and least-privilege principles.
- Maintain data integrity through controlled change management and monitoring.
- Ensure service availability through secure architecture, backups, and operational resilience.
3. Access Control
Access to customer data and critical systems is granted based on role responsibilities and business need. Administrative access is restricted, reviewed periodically, and revoked promptly when no longer required.
4. Data Protection
Kuza ERP implements safeguards for data in transit and at rest, secure authentication controls, and tenant-level isolation. Sensitive information is handled according to legal, regulatory, and contractual obligations.
5. Monitoring and Incident Response
Security-relevant events are monitored to detect anomalies and potential threats. Confirmed incidents are assessed, contained, remediated, and documented in line with internal response procedures.
6. Business Continuity
Backup and recovery procedures are maintained to support continuity of core services. Recovery processes are reviewed and improved as part of ongoing operational governance.
7. Policy Review
This policy is reviewed periodically and updated as required to reflect business, technology, and regulatory changes. For security inquiries, contact sales@kuzaerp.com.