Our Commitment to Information Security

Safeguarding Your Data with Advanced Security Practices and Compliance

Table of Contents

  • 1. Our Approach to InfoSec
  • 2. Security Governance & Policies
  • 3. Technical Security Measures
  • 4. Organizational Security Measures
  • 5. Incident Management & Business Continuity
  • 6. Compliance & Certifications
  • 7. Continuous Improvement
  • 8. InfoSec FAQs
  • 9. Contact Our Security Team

1. Our Approach to Information Security

At Champs Group, Information Security is not just a department; it's an integral part of our culture and operations. We are committed to protecting the confidentiality, integrity, and availability of all data we process, whether it belongs to our clients, our partners, or our own organization. Our comprehensive InfoSec framework is built on industry best practices and designed to mitigate risks in an evolving threat landscape.

Our Philosophy: Proactive defense, continuous vigilance, and a security-first mindset are at the core of how we protect information and build trust.

2. Security Governance & Policies

A robust governance structure underpins our information security program, ensuring clear responsibilities, regular oversight, and adherence to established policies.

  • Security Policy Framework: Comprehensive policies covering data handling, access control, acceptable use, incident response, and more.
  • Dedicated Security Team: Our team of certified cybersecurity professionals oversees all aspects of information security.
  • Risk Management: Regular risk assessments identify, evaluate, and prioritize security risks, followed by the implementation of appropriate controls.
  • Third-Party Security: Strict vendor assessment and management processes ensure our partners and suppliers meet our security standards.

3. Technical Security Measures

We implement a layered defense strategy utilizing advanced technical controls to protect our systems and data from unauthorized access, use, disclosure, disruption, modification, or destruction.

Category | Key Measures Implemented
Network Security | Firewalls, Intrusion Detection/Prevention Systems (IDS/IPS), network segmentation, VPNs for remote access, DDoS protection.
Endpoint Security | Advanced Anti-Malware, Endpoint Detection & Response (EDR), device encryption, patch management, privileged access management.
Data Encryption | Encryption of data at rest (storage) and in transit (SSL/TLS, VPNs) for sensitive information.
Access Control | Strong authentication (MFA), role-based access control (RBAC), least privilege principle, regular access reviews.
Vulnerability Management | Regular vulnerability scanning, penetration testing by independent third parties, timely patching of systems.
Logging & Monitoring | Centralized logging, Security Information and Event Management (SIEM) for real-time threat detection and analysis.
Cloud Security | Secure configuration, continuous monitoring, and adherence to cloud security best practices for our cloud environments.

4. Organizational Security Measures

Our commitment to security extends beyond technology to our people and processes, ensuring a holistic approach to data protection.

  • Security Awareness Training: Mandatory and ongoing training for all employees on data privacy, cybersecurity threats (e.g., phishing), and secure work practices.
  • Employee Background Checks: Thorough background checks for all new hires in accordance with local laws and business requirements.
  • Data Classification: All data is classified based on sensitivity, with appropriate handling and protection measures applied.
  • Secure Development Lifecycle (SDLC): Security considerations are integrated into every stage of our software development processes.
  • Physical Security: Strict controls over physical access to our offices and data centers.

5. Incident Management & Business Continuity

Despite robust preventative measures, we recognize that incidents can occur. We have comprehensive plans in place to respond effectively and minimize impact.

  • Incident Response Plan: A defined protocol for identifying, containing, eradicating, recovering from, and analyzing security incidents.
  • Business Continuity Planning (BCP): Strategies and procedures to ensure critical business functions can continue during and after disruptive events.
  • Disaster Recovery (DR): Robust backup and recovery solutions with regular testing to ensure data restorability and system availability.
  • Post-Incident Review: Thorough analysis of every incident to identify root causes and implement improvements.

6. Compliance & Certifications

Champs Group adheres to various international and local security standards and regulations, demonstrating our commitment to maintaining the highest level of information security.

ISO 27001 Certified (Planned)

International standard for Information Security Management Systems (ISMS).

POPIA Compliant

Adherence to South Africa's Protection of Personal Information Act.

GDPR Aligned

Practices aligned with the European Union's General Data Protection Regulation.

NIST Cybersecurity Framework

Leveraging NIST guidelines for identifying, protecting, detecting, responding, and recovering.

Note: While we actively align with and pursue certifications like ISO 27001, our operational compliance with POPIA and GDPR forms the foundation of our data protection efforts. We continuously audit our processes to ensure ongoing adherence.

7. Continuous Improvement

The threat landscape is constantly evolving, and so are our defenses. We are committed to a cycle of continuous improvement in our information security posture.

  • Regular review and updates of security policies and procedures.
  • Ongoing investment in security technologies and training.
  • Participation in industry forums and threat intelligence sharing.
  • Periodic internal and external audits to identify areas for enhancement.

8. Information Security FAQs

How do you protect client data?

We employ a multi-layered approach including encryption (at rest and in transit), strict access controls, network security measures (firewalls, IDS/IPS), regular vulnerability assessments, and comprehensive security awareness training for our staff. All data processing adheres to POPIA and GDPR principles.

Are your employees trained in information security?

Yes, all Champs Group employees undergo mandatory and continuous information security and data privacy training. This ensures they are aware of the latest threats and best practices for protecting sensitive information.

What happens if a security incident occurs?

We have a robust Incident Response Plan in place. In the event of an incident, our security team follows a structured protocol to identify, contain, eradicate, recover from, and conduct a post-mortem analysis. Clients affected by an incident are notified promptly and transparently as required by law.

Do you perform penetration testing?

Yes, we regularly engage independent third-party experts to conduct penetration tests and vulnerability assessments on our systems and applications to identify and remediate potential weaknesses proactively.

9. Contact Our Security Team

For security-related inquiries, concerns, or to report a potential vulnerability, please contact our Information Security team.

Information Security Inquiries

Email: security@champsafrica.com

Phone: 021 879 3038

Hours: 24/7 Monitoring, Inquiries during 8:30 AM - 4:30 PM (Monday-Friday, SAST)

Address: Security Operations Center, Champs Group, Van Riebeeck Rd, Kuilsriver, Cape Town, 8000, South Africa

© 2025 Champs Group (Pty) Ltd. All rights reserved. | Information Security v1.0

Last Updated: July 11, 2025