Introduction
At TELA, safeguarding the confidentiality, integrity, and availability of your information is paramount to us. This Information Security Policy outlines the procedures, principles, and measures that TELA has implemented to ensure the protection of personal, financial, and sensitive data of our users. All employees, contractors, and partners are required to adhere to this policy to maintain the highest level of security.
This policy aligns with global best practices, as well as Nigerian laws and regulatory requirements, including the Nigerian Data Protection Regulation (NDPR) and the Central Bank of Nigeria’s (CBN) guidelines for fintech businesses.
1. Purpose and Scope
This Information Security Policy is designed to:
- Protect personal, financial, and transaction data from unauthorized access, use, disclosure, modification, or destruction.
- Ensure the availability, accuracy, and integrity of data handled by TELA.
- Prevent security breaches and mitigate potential risks.
- Comply with relevant Nigerian laws, regulations, and industry standards.
- Establish security awareness and a culture of accountability within TELA.
The scope of this policy applies to all TELA systems, data, users, and employees, and covers all physical, technical, and administrative security measures.
2. Roles and Responsibilities
2.1 Information Security Officer (ISO):
TELA designates an Information Security Officer (ISO) responsible for overseeing the implementation, management, and enforcement of this policy. The ISO will work closely with other departments, including IT, legal, and compliance, to ensure all information security standards are adhered to.
2.2 Employees and Contractors:
All employees, contractors, and third-party vendors with access to TELA systems must comply with this policy. Any violations of this policy will result in disciplinary actions, which may include termination of employment or contracts and legal consequences.
2.3 Users (Customers):
Users of the TELA app are expected to take responsibility for the security of their account information, including keeping their login credentials confidential and promptly reporting any suspicious activity.
3. Data Protection and Privacy
3.1 Data Classification:
All data handled by TELA is classified based on its sensitivity level:
- Confidential Data: Personal user data, financial transaction data, and other sensitive data.
- Internal Data: Operational data related to business processes.
- Public Data: Data that is publicly accessible and does not require special protection.
3.2 Data Encryption:
All sensitive data (e.g., personal information, payment details) will be encrypted both in transit and at rest using industry-standard encryption protocols (e.g., AES-256, TLS). This ensures that even if data is intercepted, it remains unreadable.
3.3 Access Control:
Access to confidential and sensitive data is granted based on the principle of least privilege. Only authorized personnel who require access to specific data to perform their job duties will be granted access. Users must authenticate themselves before accessing any sensitive or confidential data. Multi-factor authentication (MFA) is used for sensitive transactions and user access.
3.4 Data Retention and Deletion:
TELA will retain user data only for as long as necessary to fulfill its purpose. Once the retention period is over, data will be securely deleted, and access to such data will be disabled.
3.5 User Consent:
Before collecting any personal data, TELA will obtain explicit consent from users, outlining the types of data collected, the purposes of data collection, and how the data will be used. Users will also have the option to withdraw their consent at any time.
4. System and Network Security
4.1 Firewalls and Intrusion Detection Systems (IDS):
TELA deploys firewalls and intrusion detection/prevention systems to monitor and protect its internal network and systems from unauthorized access, attacks, or malicious activities. The firewalls and IDS will be regularly updated to handle new threats.
4.2 Vulnerability Management:
TELA conducts regular vulnerability assessments, penetration testing, and security audits to identify and mitigate security weaknesses. Patches and security updates are applied promptly to ensure that systems are protected from known vulnerabilities.
4.3 Secure Software Development Life Cycle (SDLC):
All applications and systems developed for TELA follow secure coding practices throughout their lifecycle. Security testing is conducted during the development phase to identify and address potential risks before deployment.
4.4 Data Backup:
TELA ensures that all critical data is backed up regularly and securely. These backups are stored in a secure location and tested periodically to ensure data can be restored in case of system failure, natural disasters, or cyber incidents.
5. Physical Security
5.1 Secure Data Centers:
TELA’s data is hosted in secure data centers that are protected by physical access controls such as biometric scanners, keycards, and security personnel. These data centers are designed to withstand environmental threats such as fire, floods, and power failures.
5.2 Access Control:
Physical access to TELA’s office spaces, servers, and network equipment is restricted to authorized personnel only. All access to sensitive areas is logged and monitored.
5.3 Workstation Security:
Employees are required to lock their computers and other devices when not in use to prevent unauthorized access. All laptops, mobile devices, and USB storage devices must be secured and encrypted.
6. Incident Response and Management
6.1 Incident Detection:
TELA has established a comprehensive system for detecting and responding to security incidents. This includes the use of monitoring tools to detect suspicious activities, such as unauthorized access or data breaches.
6.2 Incident Reporting:
Employees and users must report any suspected security incidents, breaches, or vulnerabilities to the designated Information Security Officer (ISO) or through the designated incident reporting channels.
6.3 Incident Response Plan:
In the event of a security breach or other incident, TELA has a defined incident response plan that outlines the steps for containing, investigating, and resolving the issue. This includes notifying affected users and regulatory bodies where necessary.
6.4 Post-Incident Review:
After resolving an incident, TELA conducts a post-incident review to identify the cause of the issue, determine if any systems or processes need to be improved, and implement any corrective actions.
7. Security Awareness and Training
7.1 Employee Training:
TELA conducts regular security awareness training for all employees, contractors, and vendors. Training topics include password management, phishing attacks, secure communications, and incident reporting.
7.2 User Awareness:
TELA educates its users about potential security threats, such as phishing scams, password safety, and how to protect their accounts through the app. Users are encouraged to enable multi-factor authentication and report any suspicious activity.
8. Compliance with Legal and Regulatory Requirements
TELA is committed to complying with all applicable data protection, privacy, and cybersecurity regulations in Nigeria, including:
- Nigerian Data Protection Regulation (NDPR): Ensuring that personal data is processed lawfully, transparently, and with respect for the rights of individuals.
- Central Bank of Nigeria (CBN) Guidelines: Adhering to security protocols outlined for fintech operations and payment services.
- Other Relevant Laws: Compliance with Nigerian cybersecurity laws, anti-money laundering (AML) regulations, and other industry-specific requirements.
9. Third-Party Providers and Vendors
TELA ensures that any third-party providers, such as payment processors, cloud hosting providers, and service vendors, adhere to the same high standards of security and privacy as outlined in this policy. We require all third-party vendors to sign data protection agreements that stipulate their security responsibilities and compliance with relevant laws.
10. Policy Review and Updates
TELA’s Information Security Policy will be reviewed at regular intervals to ensure its effectiveness and compliance with changing regulatory requirements. Updates to the policy will be communicated to all relevant stakeholders, and users will be informed of any changes that may affect their privacy and security.
11. Contact Information
If you have any questions or concerns about this Information Security Policy or require more information about our data protection practices, please contact us:
Email: support@tela.ng
Phone: +234 9133124223
By using TELA, you acknowledge that you have read, understood, and agree to comply with this Information Security Policy.