Dama Digital Solutions
Building Relationships Bit by Bit
Information Security Policy
Dama Digital Solutions PLC (DamaDigit)
1. Introduction
At Dama Digital Solutions (DamaDigit), the security of our clients' data and our digital infrastructure is a top priority. As pioneers of digital transformation in Ethiopia, we recognize the sensitivity of the HR, Payroll, and Financial data managed within our ecosystem. This policy outlines our commitment to maintaining a secure environment and the standards we follow to protect our information assets.
2. Core Security Principles
We strictly adhere to the CIA Triad to ensure the highest level of data protection:
Confidentiality:
Ensuring that sensitive data is only accessible to authorized users.
Integrity:
Protecting data from unauthorized modification or tampering throughout its lifecycle.
Availability:
Designing our systems for high reliability so that services are accessible when our clients need them.
3. Infrastructure & Network Security
Our cloud-native approach ensures that your data is housed in a fortified digital environment:
Cloud Hosting:
We utilize leading global cloud service providers. Physical infrastructure security and OS patching are managed by the provider to meet international security standards.
Network Segmentation:
We employ Virtual Private Clouds (VPCs) and Subnets to isolate workloads. Traffic is strictly restricted via cloud-native Security Groups and Network ACLs, following the Principle of Least Privilege.
Continuous Deployment:
Our automated pipelines allow us to deploy the latest security patches immediately upon the identification of any vulnerability.
4. Data Protection & Access Control
We implement rigorous identity management to prevent unauthorized access:
Authentication:
We enforce a strict password policy (12-character minimum with complexity requirements) and utilize Single Sign-On (SSO) for streamlined, secure access.
Multi-Factor Authentication (MFA):
MFA is mandatory for accessing all sensitive internal systems and our cloud management environments.
Physical Security:
All DamaDigit employee devices are domain-controlled, encrypted, and protected by centrally managed anti-virus and anti-malware solutions.
5. Business Continuity & Incident Response
We ensure that DamaDigit remains resilient against disruptions:
Backups:
We perform full data backups weekly (with incremental daily backups) to ensure data resilience and recovery.
Disaster Recovery:
We conduct formal disaster recovery testing twice per year to validate our restoration capabilities and ensure minimal downtime.
Incident Handling:
We maintain a structured internal process to identify, contain, and remediate any suspected security incidents or threats immediately.
6. Personnel Security
Security is a core part of our company culture:
Background Checks:
All employees undergo comprehensive criminal and background checks during the hiring process to ensure the integrity of our team.
Security Awareness:
Employees receive regular security training to stay informed about modern cyber threats, including phishing, social engineering, and ransomware.
7. Compliance & Transparency
DamaDigit conducts internal security reviews on a need-basis to ensure continued effectiveness as we scale our AI-integrated SaaS offerings.
Note on Transparency:
While detailed internal architecture diagrams and specific audit reports remain confidential to protect our infrastructure from external threats, we are committed to being transparent with our clients regarding our overall security posture.
Contact Our Security Team
If you have questions regarding our security practices or wish to report a security concern, please visit our Contact Page or reach out to us at:
Address
Dama Digital Solutions PLC
Addis Ababa, Ethiopia
Website
damadigit.com/contactBuilding Relationships Bit by Bit.