Security Policy
Purpose & Scope
This Security Policy (“Policy”) outlines the technical and organisational measures implemented by Sublyticx (“Service”, “we”, “us”) to protect systems, infrastructure, and data against unauthorised access, loss, misuse, disclosure, alteration, or destruction.
This Policy applies to all systems, personnel, infrastructure, and data processing activities carried out by or on behalf of the Service.
Security Framework
Sublyticx implements security measures that are appropriate to the nature, scope, context, and risk of processing activities, in alignment with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the Protection of Personal Information Act (POPIA).
Security controls are designed to ensure ongoing confidentiality, integrity, availability, and resilience of systems and data.
Technical & Organisational Measures
The Service applies a combination of administrative, technical, and physical safeguards, which may include:
3.1 Data Protection
• Encryption of data in transit using industry-standard protocols (e.g. TLS/SSL)
• Encryption of sensitive data at rest where applicable
• Secure key management practices
3.2 Access Control
• Role-based access control (RBAC)
• Principle of least privilege enforcement
• Multi-factor authentication (where applicable)
• Secure session management and authentication controls
3.3 Infrastructure Security
• Secure cloud hosting environments
• Network firewalls and intrusion prevention measures
• Secure configuration and hardening of systems
3.4 Monitoring & Logging
• System activity monitoring and audit logging
• Detection of abnormal or suspicious behaviour
• Security event logging and analysis where technically feasible
3.5 Operational Security
• Regular security reviews and updates
• Patch management and vulnerability remediation
• Internal security awareness practices for authorised personnel
Access to Data
Access to Client and User data is strictly controlled and limited to authorised personnel only.
Access is granted solely on a need-to-know basis for legitimate operational purposes. All access is:
• Restricted by role and responsibility
• Logged and monitored where applicable
• Reviewed periodically to ensure continued necessity
• Revoked immediately when no longer required
Third-party Security Controls
Where third-party service providers are used, Sublyticx ensures that such providers are contractually required to implement appropriate security measures and comply with applicable data protection laws.
However, the Service does not control the internal security practices of third-party providers beyond reasonable due diligence and contractual safeguards.
No Guarantee of Absolute Security
While Sublyticx implements commercially reasonable and industry-standard security measures, no system or method of electronic transmission or storage is completely secure.
Accordingly, we do not guarantee absolute security of data. Users acknowledge and accept that data transmission and storage involve inherent risks.
Security Incident Management
Sublyticx maintains procedures for detecting, responding to, and managing security incidents.
In the event of a suspected or confirmed security incident, the Service will:
• Promptly investigate and assess the incident
• Contain and mitigate any potential impact
• Restore affected systems as soon as reasonably possible
• Notify affected users and/or clients where legally required (including under GDPR and POPIA breach notification obligations)
• Cooperate with relevant regulatory authorities where applicable
Continuous Improvement
Security practices are regularly reviewed and updated to reflect evolving threats, technological advancements, and legal or regulatory requirements.
