GRCPro
Solutions Platform Contact
Sign In

Legal

Security

GRCPro (Private) Limited · Operating in Zimbabwe · Last updated 18 June 2026

Privacy Policy Terms of Service Security

This document is provided for general information purposes and does not constitute legal advice. If you require advice tailored to your organisation, please consult qualified legal counsel in Zimbabwe.

Security is central to GRCPro. Organisations across Zimbabwe trust us with sensitive governance, risk, and compliance data. This page summarises how GRCPro (Private) Limited protects that information. For privacy-specific rights and data handling, see our Privacy Policy.

1. Security Programme

We maintain an information security programme aligned with recognised industry practices and informed by Zimbabwe's Cyber and Data Protection Act [Chapter 12:07]. Controls are reviewed regularly and adapted as threats, regulations, and customer requirements evolve.

2. Encryption

  • In transit: connections to GRCPro use TLS 1.2 or higher to encrypt data between your browser and our servers.
  • At rest: customer data stored in our production environment is encrypted using industry-standard algorithms on supported infrastructure.
  • Secrets: credentials, API keys, and integration tokens are stored using secure hashing or vault mechanisms as appropriate.

3. Access Control

GRCPro implements role-based access control (RBAC) so users only access modules and records permitted by their role. Features include:

  • Granular permissions for risk, compliance, governance, audit, and administration functions.
  • Team and business-unit scoping for multi-department organisations.
  • Session management with automatic timeout on inactivity.
  • Administrative audit trails for sensitive actions.

4. Authentication

We support secure password policies configurable by administrators, including minimum length and complexity requirements. Multi-factor authentication (MFA) and single sign-on (SSO) integrations may be available on enterprise plans. Failed login attempts are monitored to deter brute-force attacks.

5. Infrastructure and Hosting

Production systems run on hardened infrastructure with network segmentation, firewalls, and monitored access. Backups are performed on a scheduled basis and tested for recoverability. We use reputable cloud and hosting providers that maintain their own security certifications and physical controls.

6. Logging and Monitoring

We log authentication events, administrative changes, and security-relevant platform activity. Logs are protected against tampering and reviewed for anomalies. Customers can access audit trails within the application for their own compliance and investigation needs.

7. Secure Development

Application changes follow controlled release processes. We apply security considerations during design and code review, dependency monitoring, and pre-production testing. Vulnerability findings are prioritised and remediated based on severity.

8. Incident Response

We maintain an incident response procedure for suspected security events. If we determine that a breach affecting customer personal information has occurred, we will notify affected customers and relevant authorities as required by Zimbabwean law, including obligations under the Cyber and Data Protection Act, without undue delay.

9. Compliance Alignment

GRCPro is designed to support customer compliance programmes. Our own controls are mapped to frameworks commonly used by enterprises in Zimbabwe and the region, including:

  • ISO/IEC 27001 information security management principles.
  • NIST Cybersecurity Framework concepts for identify, protect, detect, respond, and recover.
  • Requirements relevant to regulated sectors (financial services, telecommunications, and public sector) as applicable to our role as a software provider.

Formal certification status, if any, is available to enterprise customers under NDA upon request.

10. Customer Responsibilities

Security is a shared responsibility. You should:

  • Use strong, unique passwords and enable MFA where available.
  • Assign least-privilege roles to users and remove access when staff leave.
  • Protect devices used to access GRCPro and avoid shared or public terminals for sensitive work.
  • Report suspected security incidents promptly.

11. Responsible Disclosure

If you believe you have discovered a security vulnerability in GRCPro, please report it responsibly to security@grcpro.net. Include sufficient detail to reproduce the issue. We ask that you do not publicly disclose vulnerabilities until we have had a reasonable opportunity to investigate and remediate. We do not pursue legal action against good-faith security research conducted in accordance with this policy.

12. Contact

  • Security team: security@grcpro.net
  • Privacy enquiries: privacy@grcpro.net

For urgent active incidents affecting your production tenant, contact your account manager or use the in-app support channel if available on your plan.

GRCPro

Enterprise governance, risk, and compliance platform serving organisations across Zimbabwe and Africa.

Product

  • Solutions
  • Platform
  • Start Free Trial

Company

  • Contact
  • Sign In

Legal

  • Privacy Policy
  • Terms of Service
  • Security
© 2026 GRCPro. All rights reserved. Registered in Zimbabwe. Back to home