Compliance & Standards

1. Regulatory Compliance

OmniForge Security maintains compliance with applicable South African and international regulations governing cybersecurity services and data protection.

2. POPIA (Protection of Personal Information Act)

Full compliance with South Africa's POPIA requirements:

• Registered with the Information Regulator
• Designated Information Officer appointed
• Data processing in accordance with lawful purposes
• Data subject rights respected and facilitated
• Security measures appropriate to risk level
• Data breach notification procedures in place

3. ISO 27001:2013 Alignment

Our information security management system (ISMS) aligns with ISO 27001:2013 controls:

• Risk assessment and management framework
• Documented security policies and procedures
• Access control and authorization mechanisms
• Cryptographic controls for data protection
• Physical and environmental security
• Operations security and change management
• Business continuity and disaster recovery
• Compliance monitoring and auditing

Note: Formal ISO 27001 certification in progress (expected Q2 2026)

4. Industry Standards and Frameworks

4.1 NIST Cybersecurity Framework

Alignment with NIST CSF core functions:

• Identify: Asset management and risk assessment
• Protect: Access controls and protective technologies
• Detect: Continuous monitoring and detection processes
• Respond: Incident response capabilities
• Recover: Recovery planning and improvements

4.2 CIS Critical Security Controls

Implementation of CIS Controls v8 across our infrastructure

4.3 OWASP Standards

Web application testing follows OWASP Testing Guide and Top 10 frameworks

4.4 PTES (Penetration Testing Execution Standard)

All penetration testing engagements follow PTES methodology

5. Data Sovereignty

• Client data stored within South African borders (default)
• Cloud services selected for SA data center availability
• International data transfers comply with POPIA requirements
• Subprocessors reviewed for jurisdictional compliance

6. Contractual Compliance

6.1 Service Level Agreements (SLAs)

• Response time commitments documented and tracked
• Service availability guarantees (where applicable)
• Performance metrics and reporting

6.2 Data Processing Agreements

• POPIA-compliant DPAs for all client engagements
• Clear data processing terms and limitations
• Subprocessor notification and approval processes

7. Professional Certifications

Our team holds recognized industry certifications:

• OSCP (Offensive Security Certified Professional)
• CEH (Certified Ethical Hacker)
• CISSP (Certified Information Systems Security Professional)
• CompTIA Security+
• Linux Professional Institute certifications

8. Insurance Coverage

• Professional indemnity insurance maintained
• Cyber liability insurance coverage
• Errors and omissions (E&O) protection
• Coverage details available upon request

9. Ethical Standards

We adhere to professional codes of ethics:

• (ISC)² Code of Ethics (CISSP holders)
• EC-Council Code of Ethics (CEH holders)
• Offensive Security's professional standards
• Internal code of conduct for all staff

10. Continuous Compliance

• Quarterly compliance reviews and gap assessments
• Regular updates to policies and procedures
• Staff training on compliance requirements
• External audit participation (upon request)
• Monitoring of regulatory changes and updates

11. Client Compliance Support

We assist clients with their own compliance requirements:

• POPIA gap analysis and remediation planning
• ISO 27001 implementation support
• PCI-DSS compliance for payment processing
• Industry-specific compliance (HIPAA-equivalent, etc.)
• Compliance documentation and evidence preparation

12. Compliance Documentation

For detailed compliance information or documentation requests: