Security & Compliance
Trust isn't a badge. It's how we build.
Your asset data is the operational nervous system of your organization. We treat it like ours — with enterprise-grade security, transparent controls, and evidence ready for any auditor who asks.
The six pillars of NuruOne security.
Encryption everywhere
TLS 1.3 in transit. AES-256 at rest. Hardware-backed keys with quarterly rotation.
Identity & access
SSO (SAML, Google, Microsoft), role-based access control, MFA for every user, granular permissions.
Audit trails by default
Every action — by every user, across every asset — captured and exportable. Tamper-evident logs.
Resilient infrastructure
99.9% uptime SLA. Multi-region backups. RPO 1 hour. RTO 4 hours. Disaster recovery tested quarterly.
Data residency
Choose where your data lives — Africa, Europe or your own private deployment for Enterprise plans.
Privacy by design
POPIA & GDPR aligned. Data Processing Agreements available. Registered Information Officer.
Certifications & posture
Audit-ready, on day one.
We publish our posture honestly — including the work that's in flight. Procurement and infosec teams can request our full evidence pack under NDA.
- ISO 27001-alignedIndependent assessment in progress
- POPIA CompliantRegistered Information Officer
- GDPR CompliantEU Data Processing Agreement available
- SOC 2 Type IIAudit underway — report Q4
- B-BBEE Level 2Annual affidavit on request
- Tax compliantSARS tax PIN provided on request
Infosec questionnaire? Send it over.
Standard responses to CAIQ, SIG and most vendor due-diligence forms are turned around in three business days.