Legal
Security Statement
Last updated: February 2026
Encryption
All data in transit is protected using TLS encryption. Data at rest is encrypted using industry-standard encryption algorithms. Encryption keys are managed securely with regular rotation schedules.
Access control
Role-based access control (RBAC) is enforced across all system components. The principle of least privilege is applied -- users only have access to the data and functions required for their role. All access is logged.
Backups
Regular automated backups ensure data durability. Backup procedures include verification testing. Recovery procedures are documented and periodically tested.
Incident response
ZYENEX maintains an incident response process for security events. This includes detection, containment, investigation, and notification procedures. Affected parties are notified in accordance with applicable obligations.
Auditability
Comprehensive audit logging captures user actions, data access, configuration changes, and system events. Audit logs are retained according to configurable policies and are accessible to authorised administrators.
Deployment model options
ZYENEX CPMS supports deployment configurations that can be tailored to institutional requirements. Deployment options and their security implications are discussed during the onboarding process.