Trust: Infrastructure and Technology
Minimum committed uptime
Transactions successfully processed*
*Minimum commitment
Committed support availability
“Electrum is committed to the pinnacle of security and compliance. Customers trust our technology and infrastructure to perform, to be available, and to be secure.”
Electrum undergoes independent third-party audits to attest and certify Electrum’s security, data privacy and compliance controls to help meet customers’ legal, regulatory, and organisational policy requirements.
Electrum maintains an ISO 27001 certification, which outlines and provides the requirements for an information security management system (ISMS), specifies a set of best practices, and details the security controls that can help manage information risks.
Electrum is authorised in terms of the National Payment System Act, 1998, as a System Operator in the following payment systems: EFT DEBIT| EFT CREDIT| RTC SERVICE| RAPID PAYMENTS.
Electrum uses Amazon Web Services (AWS) to run our infrastructure, allowing us to blend our own information security practices with AWS's robust security and privacy features to maintain a secure cloud environment.
Electrum uses different methods and protocols to turn data into an unreadable format, ensuring that the data is safe from unauthorised access. Data is encrypted both at rest and in transit using the industry-leading encryption standards.
At Electrum, we shape our privacy rules following the South African Protection of Personal Information Act (POPIA). Our ISO 27001 certification process is aligned with POPIA requirements.
Electrum has implemented specialised tools in our environment to detect and defend against cyber-attacks. In addition, we incorporated various cloud security features that actively scan for, identify and immediately alert our cybersecurity team of potential threats.
Electrum maintains a Business Continuity Policy (BCP) and Disaster Recovery Plan (DRP), which mandates that the BCP and DRP, testing, and procedures are updated and performed on a regular basis.
Electrum’s coding process is secure and follows industry best practices. We assess risks, use secure engineering principles such as code training and analysis, and prioritise information security and privacy in new projects. We have a solid change control process, separate development environments, and thorough testing for updates.
Electrum uses industry-leading security tools that automatically check for security issues in our environments. If we find a problem, we carefully assess the associated risk and find a way to remediate it. We also conduct annual penetration testing to uncover any other weaknesses.
Electrum implements security controls for employees and contractors before, during, and after their engagement with Electrum. These controls include information security and privacy (including POPIA) training.
Electrum operating as a data processor does not sell, share, or export customer data to third parties. We use customer data only to provide and improve our service.
We regularly back up data. The target recovery point objective in respect of customer data is one day and the target recovery time objective in respect of the SaaS Services is four hours.
Electrum offers 90 days of online storage for searchable customer transaction records and up to 10 years of archival storage for compliance and audit transaction records.
Electrum established an incident management process and procedures to ensure the timely detection of and support of the rapid response to security incidents. In the event of a confirmed incident involving customers’ data, we will notify the customer within the time frame required under applicable law or as contractually agreed.
