Security & Compliance Overview
Affinidi’s Trust Centre is your comprehensive resource for understanding our security infrastructure and privacy commitments. We prioritise the security and privacy of data on our systems: our security measures and compliance frameworks allow organisations to build and scale their solutions with confidence, to the highest standards of data protection. This platform is approved and maintained regularly by senior management, and reviewed by external auditors.
Control status legend:
- Implemented: ISO 27001 controls fully implemented and verified
- In Progress: Controls currently being implemented
- Optimising: Controls currently being optimised
- Next Audit: Planned independent security assessment
Control Categories
Last updated on Fri, 07 Feb 2025
Organizational Controls
- Policies for Information Security
Information security policy and topic-specific policies should be defined, approved by management, published, communicated to and acknowledged by relevant personnel and relevant interested parties, and reviewed at planned intervals and if significant changes occur.
- Information Security Roles and Responsibilities
Information security roles and responsibilities should be defined and allocated according to the organization’s needs.
- Segregation of Duties
Conflicting duties and conflicting areas of responsibility should be segregated.
- Management Responsibilities
Management should require all personnel to apply information security in accordance with the established information security policy, topic-specific policies, and procedures of the organization.
- Contact with Authorities
The organization should establish and maintain contact with relevant authorities.
People Controls
- Screening
Background verification checks on all candidates to become personnel should be carried out prior to joining the organization and on an ongoing basis, taking into consideration applicable laws, regulations, and ethics, and be proportional to business requirements, the classification of the information to be accessed, and the perceived risks.
- Terms and Conditions of Employment
The employment contractual agreements should state the personnel’s and the organization’s responsibilities for information security.
- Information Security Awareness, Education, and Training
Personnel of the organization and relevant interested parties should receive appropriate information security awareness, education, and training, and regular updates of the organization’s information security policy, topic-specific policies, and procedures, as relevant for their job function.
- Disciplinary Process
A disciplinary process should be formalized and communicated to take actions against personnel and other relevant interested parties who have committed an information security policy violation.
- Responsibilities After Termination or Change of Employment
Information security responsibilities and duties that remain valid after termination or change of employment should be defined, enforced, and communicated to relevant personnel and other interested parties.
Physical Controls
- Physical Security Perimeters
Security perimeters should be defined and used to protect areas that contain information and other associated assets.
- Physical Entry Controls
Secure areas should be protected by appropriate entry controls and access points.
- Securing Offices, Rooms, and Facilities
Physical security for offices, rooms, and facilities should be designed and implemented.
- Physical Security Monitoring
Premises should be continuously monitored for unauthorized physical access.
- Protecting Against Physical and Environmental Threats
Protection against physical and environmental threats, such as natural disasters and other intentional or unintentional physical threats to infrastructure, should be designed and implemented.
Technology Controls
- User Endpoint Devices
Information stored on, processed by, or accessible via user endpoint devices should be protected.
- Privileged Access Rights
The allocation and use of privileged access rights should be restricted and managed.
- Information Access Restriction
Access to information and other associated assets should be restricted in accordance with the established topic-specific policy on access control.
- Access to Source Code
Read and write access to source code, development tools, and software libraries should be appropriately managed.
- Secure Authentication
Secure authentication technologies and procedures should be implemented based on information access restrictions and the topic-specific policy on access control.
Compliance
ISO27001-2022
Information Security, Cybersecurity And Privacy Protection — Information Security Management Systems