Top Up Africa IT Policy

Rc No: 1146549
INFORMATION TECHNOLOGY POLICY
Top Up Africa Ltd

Suite T2, Smart Bridge Plaza,
NO 1 O.P Fingesi Street Utako
info@topupafrica.com
Abuja FCT
1
Rc No: 1146549
CONTENTS
Introduction 3
Policy Statement 3
IT Infrastructure: 3
1.Privacy Policy 5
2. Information Ownership/Disclosure/Loss Policy 9
3.Disclosure Policy 10
4.Loss Policy 11
5. Network Security and Encryption Policy 12
6. Confidential Data Policy 12
5. Password/PIN Policy 13
7. Third Party Connection Policy 14
8. Incidence Response Policy 16
9. Physical Security Policy 17
ANNEX 1 22
Top Up Africa Ltd

Abuja FCT
2
Rc No: 1146549
DEFINITIONS:
Acronyms Definition
TUA Top Up Africa Ltd
VPN Virtual Private Network
LAN Local Area Network
TBD Technical Business Development
DVD Digital Video Disc
TCP/IP Transmission control protocol/Internet protocol
DHCP Dynamic Host Configuration Protocol
DR Disaster Recovery
CD Compact Disc
PC Personal/private computer
Top Up Africa Ltd

Abuja FCT
3
Rc No: 1146549
INTRODUCTION
POLICY STATEMENT
To meet the enterprise business objectives and ensure continuity of its
operations, Top Up Africa Ltd (Hereinafter referred to as “The Company, “We”
Or “Top Up Africa””) shall adopt and follow well-defined and time-tested plans
and procedures, to ensure the Information Technology security of all of its
information assets and human assets.
Top Up Africa's Information Technology Infrastructure Management which

includes the management of Top Up Africas’ telecommunications equipment,
Domain, Email/Web Management and Software management. Is managed
and administered by the IT Department . The departments involvement in each
of these areas allows for a greater level of integration and efficiency of the
organization as a company and also enhances the company’s business
relationship with 3rd party vendors
IT Infrastructure:
The core responsibility of the IT department is to ensure infrastructural IT related
devices are up and running.
Functions include supervision of out-sourced tasks along with the allocation and
maintenance of resources required to maintain the company’s LAN, servers,
workstations, network devices, and cloud-based devices, applications and
databases. The security and integrity of the information systems at Top Up Africa
are also very important.
Top Up Africa Ltd

Abuja FCT
4
Rc No: 1146549
Established periodic review meetings will be held among staff of the

department with a comprehensive report submitted to the Managing Director
three days prior to the first Friday of each month (Communications occur on a
daily basis to ensure proper personnel and resources are available to perform
the assigned tasks).
Key duties to be used as yardstick include:

1. Assisting in the development of the IT Department Strategic Plan.
2. Maintain a list of all administrative passwords for systems under the
Department’s jurisdiction in a secure location.
3. Archive and store critical data in a secure location.
Propose and implement modifications and/or expansions of Top Up
Africa's Limited IT infrastructure.
4. The enforcementof all appropriate policies and procedures
Infrastructure is further divided into two major components: network and

applications.
The network component focuses on the LAN, from the media and network
appliances to the addressing schemes, network services, and the hardware
aspect of all nodes and equipment.
The application component focuses on the software, data, and related support
services requirements of Top Up Africa.
Top Up Africa Ltd

Abuja FCT
5
Rc No: 1146549
Telecommunication: The systems for communicating with individuals or

organizations outside of the Top Up Africa’s network.
RESOURCES AND EQUIPMENT

The IT Department has control over all computer workstations, network devices,
software, and all other computer/telephony components and accessories. The
purchase, modification, or placement on the company’s network or existing
systems of any of the aforementioned items must be authorized by the TBDM, or
by an officially designated proxy.
All software and hardware relating to computer/network/telephony systems are

inventoried and maintained according to the IT Department Policies, and within
the appropriate subsections of the IT Operational Procedures.
1.Privacy Policy
Top Up Africa’s privacy policy is designed to allow its users, consumers, and
visitors to make informed decisions on whether or not to use the Top Up Africa
services, or information contained on its website.
If you have grievances with either the Top Up Africa application/software or the
information contained on its website, please DO NOT use.
This privacy policy is incorporated into and is subject to Top Up Africa ’s terms of
service. If you make use of the Top Up Africa app, services, or any of the
information available on the Top Up Africa website, or provide any personal
Top Up Africa Ltd
Abuja FCT
6
Rc No: 1146549
information in relation to the Top Up Africa app, Top Up Africa services, or Top
Up Africa website, they all remain subject to this privacy policy and its terms of
service.
In lieu of this, it is important to note that any information put up at the direction,
or at the discretion of users of the Top Up Africa service becomes published
content. Therefore, it is not personally identifiable information subject to this
privacy policy.
1.1. Limitations of the Policy
This privacy policy is part of Top Up Africa’s Terms of Service and covers the
treatment of user information, including personally identifying information
obtained by Top Up Africa, including information obtained when the Top Up
Africa site is accessed, when the Top Up Africa service is used, or any other
information provided by Top Up Africa.
This privacy policy does not apply to the practices of the companies that Top
Up Africa does not own or control, or to individuals whom Top Up Africa does
not employ or manage, including any of the third parties to which Top Up Africa
may disclose user information as set forth in this privacy policy.
1.2. The Information Top Up Africa Collects
Top Up Africa may obtain the following types of information from or

concerning its users, which may include information that can be used to identify
said user(s) as specified below (personally identifying information)
Top Up Africa Ltd

Abuja FCT
7
Rc No: 1146549
i. User Provided Information: users provide certain Personally Identifying

Information like mobile phone numbers, names, email addresses and/or
any other required information to Top Up Africa when choosing to
participate in various uses of the Top Up Africa services, such as opening
an account, funds transfer etc. In order to provide the service, Top Up
Africa will periodically access and re-evaluate your provided information
for security purposes.
ii. Cookies Information: When the Top Up Africa site is visited, it may send
one or more cookies – a small text file containing a string of alphanumeric
characters – to your computer that uniquely identifies your browser.
Important to note is the fact that the Top Up Africa site may not function
properly if the ability to accept cookies is disabled.
iii. Log File Information: When you use the Top Up Africa site, our servers
automatically record certain information that your web browser sends
whenever you visit any website. These server logs may include information
such as your web request, Internet Protocol ("IP") address, browser type,
browser language, referring / exit pages and URLs, platform type, number
of clicks, domain names, landing pages, pages viewed and the order of
those pages, the amount of time spent on particular pages, the date and
time of your request, one or more cookies that may uniquely identify your
browser, your phone number, the phone number you are requesting the
status of and various status information. When you use the Top Up Africa
Top Up Africa Ltd
Abuja FCT
8
Rc No: 1146549
service, our servers log certain general information that our application
sends whenever a message is sent or received, or if you update or request
any status information, including time and date stamps and the mobile
phone numbers the messages were sent from and to.
1.3 The Way Top Up Africa Uses Information
When you submit Personally Identifiable Information to us through the Top Up

Africa site, or other Top Up Africa service, we use your personal information to
operate, maintain, and provide to you the features and functionality of the Top
Up Africa sites, services and applications
All information collected is essential to your use of the Top Up Africa service and
will be retained. Any billing information that may be collected from you will be
deleted thirty (30) days after the termination of your account with Top Up Africa.
We do not use your mobile phone number or other Personally Identifiable

Information to send commercial or marketing messages without your consent or
except as part of a specific program or feature for which you will have the
ability to opt-in or opt-out.
We may, however, use your mobile phone number (or email address, if
provided) without further consent for non-marketing or administrative purposes
(such as notifying you of major Top Up Africa site or service changes or for
customer service purposes).
Top Up Africa Ltd

Abuja FCT
9
Rc No: 1146549
We may use both your Personally Identifiable Information and certain

non-personally identifiable information (such as anonymous user usage data,
cookies, IP addresses, browser type, clickstream data, etc.) to improve the
quality and design of the Top Up Africa site and service and to create new
features, promotions, functionality, and services by storing, tracking, and
analyzing user preferences and trends. Hopefully we improve the Top Up Africa
site and service and don’t make it worse.
We may use cookies and log file information to: (a) remember information so
that you will not have to re-enter it during your visit or the next time you use the
Top Up Africa service for Top Up Africa site; (b) provide custom, personalized
content and information; (c) monitor individual and aggregate metrics such as
total number of visitors, pages viewed, etc.; and (d) track your entries,
submissions, views and such.
1.4. You Have a Choice
You may, of course, decline to submit Personally Identifiable Information through

the Top Up Africa site or service, in which case we may not be able to provide
certain services to you. If you do not agree with our Privacy Policy or Terms of
Service, please uninstall the Top Up Africa mobile application
and discontinue use of the Top Up Africa service; your continued usage of Top
Up Africa service will signify your assent to and acceptance of our Privacy Policy
and Terms of Service. To protect your privacy and security, we take reasonable
steps (such as SMS authentication and BVN requirement in certain cases) to
Top Up Africa Ltd
Abuja FCT
10
Rc No: 1146549
verify your identity before registering your mobile phone number and granting
you access to the Top Up Africa service. Please contact Top Up Africa via
email or support at Top Up Africa .com or available web forms with any
questions or comments about this Privacy Policy, your personal information, your
consent.
1.5. Data Security
Top Up Africa uses commercially reasonable physical, managerial, and

technical safeguards to preserve the integrity and security of your personal
information. We cannot, however, ensure or warrant the security of any
information you give or transfer to any third party and you do so at your own
risk. Once we receive your information, Top Up Africa makes commercially
reasonable efforts to ensure the security of our systems. However, please note
that this is not a guarantee that such information may not be accessed,
disclosed, altered, or destroyed by breach of any of our physical, technical, or
managerial safeguards. If Top Up Africa learns of a security systems breach,
then we may attempt to notify you electronically so that you can take
appropriate protective steps. Top Up Africa may post a notice on the Top Up
Africa site or through the Top Up Africa service if a security breach occurs.
1.6. In the Event of Merger, Sale, or Bankruptcy
In the event that Top Up Africa is acquired by or merged with a third-party
entity, we reserve the right to transfer or assign the information we have
Top Up Africa Ltd
Abuja FCT
11
Rc No: 1146549
collected from our users as part of such merger, acquisition, sale, or other
change of control. In the (hopefully) unlikely event of our bankruptcy,
insolvency, reorganization, receivership, or assignment for the benefit of
creditors, or the application of laws or equitable principles affecting creditors'
rights generally, we may not be able to control how your personal information is
treated, transferred, or used.
1.7. Changes and updates to this Privacy Notice
This Privacy Policy may be revised periodically and this will be reflected by the
"effective date” below. Please revisit this page to stay aware of any changes.
Your continued use of the Top Up Africa site and Top Up Africa service
constitutes your agreement to this Privacy Policy and any amendments.
2. Information Ownership/Disclosure/Loss Policy

Information Ownership Policy
2.1. Ownership of information or data by Top Up Africa is heavily dependent upon

the type of information in question. We delegate the ownership of information
to appropriate personnel and officers of Top Up Africa. Information pertaining to
areas such as finance, intellectual property, admin, public, etc will be dictated
by officers of Top Up Africa put in place for such purposes. These officials will be
in charge of controlling and regulating the data and information that fall under
their purview.
Top Up Africa Ltd

Abuja FCT
12
Rc No: 1146549
2.2. Top Up Africa as a corporate entity owns the right to this information and
through the actions of its officials, controls and claims ownership of all said
information. In the case that any data or information concerns Top Up Africa
and any third party, there will be a pre drafted agreement which will dictate the
control, regulation, and ownership of the data or information in question (Please
see annex 1)
2.3. Top Up Africa will not be held liable for any and all mishandled data or
information which does not fall within the purview of Top Up Africa or its
officers.
3.Disclosure Policy
3.1 We do not sell or share your Personally Identifiable Information (such as mobile
phone number) with other third-party companies for their commercial or
marketing use without your consent or except as part of a specific program or
feature for which you will have the ability to opt-in or opt-out.
3.2. We may share your Personally Identifiable Information with third party service
providers to the extent that it is reasonably necessary to perform, improve or
maintain the Top Up Africa service.
3.3. We may share non-personally-identifiable information (such as anonymous User

usage data, referring / exit pages and URLs, platform types, etc.) with interested
third-parties to assist them in understanding the usage patterns for certain
content, services, advertisements, promotions, and/or functionality on the Top
Up Africa site.
Top Up Africa Ltd

Abuja FCT
13
Rc No: 1146549
3.4 We may collect and release Personally Identifiable Information and/or

non-personally-
identifiable information if required to do so by law, or in the good-faith belief
that such action is necessary to comply with state and federal laws (such as
Nigerian Copyright Law), international law or respond to a court order,
subpoena, or search warrant or equivalent, or where in our reasonable belief,
an individual’s physical safety may be at risk or threatened.
Top Up Africa also reserves the right to disclose Personally Identifiable

Information and/or non-personally-identifiable information that we believe, in
good faith, is appropriate or necessary to enforce our Terms of Service, take
precautions against liability, to investigate and defend itself against any
third-party claims or allegations, to assist government enforcement agencies, to
protect the security or integrity of the Top Up Africa Site or our servers, and to
protect the rights, property, or personal safety of Top Up Africa , our users or
others.
4.Loss Policy
4.1 You agree that your use of the Top Up Africa shall be at your sole risk to the
fullest extent permitted by law, Top Up Africa, its Officers, Directors, Employees,
and Agents disclaim all warranties, expressed or implied, in connection with the
service and your use thereof.
Top Up Africa Ltd

Abuja FCT
14
Rc No: 1146549
4.2. Top Up Africa makes no warranties or representations about the accuracy or

completeness of this service’s content and assumes no liability or responsibility
for any (I) errors, (II) personal injury or property damage, of any nature
whatsoever, resulting from your access to and use of our service, (III) any
unauthorized access to or use of our servers and/or any and all personal
information and/or financial information or cessation of transmission to or from
our service, (IV) any bugs, viruses, Trojan horses or the like which may be
transmitted to or through our service through the actions of any third party,
and/or (V) any errors or omissions in any content or for any loss or damage of
any kind incurred as a result of the financial information stored therein, (VI) any
use of any content posted, emailed, transmitted, or otherwise made available
via Top Up Africa.
4.3 Top Up Africa does not warrant, endorse, guarantee, or assume responsibility for
any product or service advertised or offered by a third party through the Top Up
Africa service or any hyperlinked website or featured in any user status
submission or other advertising, and Top Up Africa will not be a party to or in
any way be responsible for monitoring any transaction between you and
third-party providers of products and services. As with the purchase of a product
or service through any medium or in any environment, you should use your best
judgment and exercise caution where appropriate and again, use this just for
fun.
5. Network Security and Encryption Policy
Top Up Africa Ltd

Abuja FCT
15
Rc No: 1146549
5.1. Top Up Africa is designed to provide you with financial services as a Bank in your
neighborhood, Thus, Top Up Africa’s app is built upon an end-to-end security
platform wherein all transferred personal data is encrypted by different levels of
secure firewalls. This way, all personal data is protected from falling into the
wrong hands.
Furthermore, with Top Up Africa ’s security system, it is virtually impossible to

hack into any one user’s personal financial information. Top Up Africa makes it
a conscientious priority to treat user security and protection with utmost
seriousness.
5.2. Top Up Africa adopts the security policies platform of the particular mobile
carrier that the Top Up Africa application user employs on his/her mobile
device, and for browsing purposes. In integrating with said mobile carriers, Top
Up Africa confirms that the mobile platform upon which it operates conforms
and satisfies extant regulatory acts and policies in the country which it
operates.
6. Confidential Data Policy

6.1. For the purposes of this policy, the term "confidential data" refers to private
company information or other private organizational information not intended
to be disclosed outside the context of the company or organization responsible
for that information.
Top Up Africa is an independent company which has business dealings with

other companies regarded as third parties. Top Up Africa uses electronic mail as
Top Up Africa Ltd

Abuja FCT
16
Rc No: 1146549
one of its primary modes of information interchange. Therefore, it is possible that

there will be occasions that some confidential data makes its way by mistake
into third party documents prepared or distributed electronically. To deal with
this situation, it is the policy of Top Up Africa that:
i. All submissions, either in hard copy, or in electronic form,

should be reviewed by the submitter to ensure that they
contain no confidential data; furthermore, it is the
responsibility of the submitter, to ensure that this review takes
place.
ii. If Top Up Africa officers are alerted by members or observers

that confidential data of third parties is found in Top Up Africa
documents or electronic information, the officers of the
concerned third party will remove that data from all official
Top Up Africa documents, records and files as soon as
possible.
iii. Third party members and observers who obtain copies of

documents which contain confidential data, or information
that Top Up Africa has defined as confidential shall refrain
from actions which will further disseminate such data, and
shall notify an officer of Top Up Africa so that the concerned
third party(ies) shall take appropriate action to remove such
data from official Top Up Africa records or files.
Top Up Africa Ltd

Abuja FCT
17
Rc No: 1146549
Iv. Anyone who knowingly disseminates confidential data found

in Top Up Africa’s electronic mail or other documents shall be
in direct violation of this policy of Top Up Africa. Appropriate
actions may be taken by the officers of Top Up Africa to
remediate such violations. These actions may include, but are
not limited to: termination of business dealings with third
parties (requires consent of Board of Directors), and the
banning of anyone from Top Up Africa services.
v. Note*: To be considered confidential data under this policy,

the data must be of an inherently private or confidential
nature, such as copies of internal business memoranda or
e-mail, design specifications, client or customer data or the
like. The mere presence of an email signature or similar
device claiming confidential status is not sufficient.
6. Password/PIN Policy
6.1. Passwords do not imply privacy but allow authorized users to gain access to
required applications, files and e-messages. Weak passwords have no value
and will not perform its task. Passwords need to be stronger in the case of critical
systems or when administrative level access is used.
Top Up Africa Ltd

Abuja FCT
18
Rc No: 1146549
6.2. Top Up Africa will enable remote users with access through a firewall, by
implementing one time password generating tools for firewall authentication.
Top Up Africa will also protect such tools and software used by administrators by
encryption or other similar methods.
6.3. Top Up Africa will also limit and monitor consecutive unsuccessful password
logon attempts to bolster its safety precautions. Encryption of passwords will be
used when transmitting data between external networks.
6.4. All users will be solely and entirely responsible for any activities carried out under
their individual IDs and passwords. Therefore, Top Up Africa employs users to use
strong passwords by substituting alphabetic letters with numeric and signs, using
the first letter of phrase or sentence to form a word, thus deriving non-dictionary
words.
7. Third Party Connection Policy

7.1. Connections between third parties that require access to nonpublic Top Up
Africa resources fall under this policy, regardless of whether a telco circuit or
VPN technology is used for the connection. Connectivity to third parties such as
the Internet Service Providers (ISPs) that provide Internet access for Top Up
Africa or to the Public Switched Telephone Network do NOT fall under this
policy. All new extranet connectivity will go through a security review with the
Information Security department. The reviews are to ensure that all access
Top Up Africa Ltd

Abuja FCT
19
Rc No: 1146549
matches the business requirements in the best possible ways, and that the
principle of least access is followed.
7.2. All new connection requests between third parties and Top Up Africa requires
that the third party and Top Up Africa representatives agree to sign the
Third-Party Agreement. This agreement must be signed by the controller of the
sponsoring organization as well as a representative from the third party who is
legally empowered to sign on behalf of the third party. The signed document is
to be kept on file with the relevant extranet group. Documents pertaining to
connections into Top Up Africa are to be kept on file with the team responsible
for security protocol.
7.3. The sponsoring organization must delegate a person to be the Point Of Contact
(POC) for the extranet connection. The POC acts on behalf of the sponsoring
organization, and is responsible for those portions of this policy and the Third
Party Agreement that pertain to it. In the event that the Point Of Contact
changes, the relevant extranet organization must be informed promptly.
7.4. Sponsoring organizations within Top Up Africa who wish to establish

connectivity to a third party are to file a new site request with the proper
extranet group. The extranet group will engage Information Security to address
security issues inherent in the project. If the proposed connection is to terminate
within a lab at Top Up Africa , the sponsoring organization must engage the
team responsible for security. The sponsoring organizations must provide full
Top Up Africa Ltd

Abuja FCT
20
Rc No: 1146549
and complete information as to the nature of the proposed access to the

extranet group and Information Security as requested.
7.5. All connectivity established must be based on the least access principle, in
accordance with the approved business requirements and the security review.
In no case will Top Up Africa rely upon the third party to protect Top Up Africa’s
network or resources.
7.6. All changes in access must be accompanied by a valid business justification,

and are subject to security review. Changes are to be implemented via the
corporate change management process. The sponsoring organization is
responsible for notifying the extranet management group and/or Information
Security when there is a material change in their originally provided information
so that security and connectivity evolve accordingly.
7.7. When access is no longer required, the sponsoring organization within Top Up
Africa must notify the extranet team responsible for that connectivity, which will
then terminate the access. This may mean a modification of existing permissions
up to terminating the circuit as appropriate. The extranet and security teams
must conduct an audit of their respective connections on an annual basis to
ensure that all existing connections are still needed, and that access provided
meets the needs of the connection. Connections that are found to be
depreciated, and/or are no longer being used to conduct Top Up Africa
business, will be terminated immediately. Should a security incident or a finding
that a circuit has been deprecated is no longer being used to conduct Top Up
Top Up Africa Ltd
Abuja FCT
21
Rc No: 1146549
Africa business necessitate a modification of existing permissions, or termination

of connectivity, Information Security And/or the extranet team will notify the
Company or the sponsoring organization of the change prior to taking any
actions.
7.8. The Information Security team will verify compliance to this policy through
various methods, including but not limited to, business tolls reports, internal and
external audits, and feedback to the policy owner. Any exception to the policy
must be approved by the information Security team in advance. An employee
found to have violated this policy may be subject to disciplinary action, up to
and including termination of employment.
8. Incidence Response Policy
Top Up Africa maintains a 5 step Incident response policy to ensure effective
preventative and containment measures. They are
a). PREPARATION
b). DETECTION AND REPORTING. The focus of this phase is to watch security
events so as to detect, alert, and report on potential security incidents.
c). TRIAGE AND ANALYSIS
d). CONTAINMENT AND NEUTRALIZATION.
e). POST-INCIDENT ACTIVITY.
However, items like disaster recovery and incident response are entirely action
oriented. We understand that, for incident response, the level of success is
inversely proportional to the degree of public relations exposure thus our
Top Up Africa Ltd

Abuja FCT
22
Rc No: 1146549
measures are effective at identifying and neutralizing threats before they go

public.
8.2. The steps delineated above allow us respond to the incident with speed and
decisiveness
8.3. Our incident response procedure ensures that minimal disruption and business
impact will occur. This can be better understood through the process flow; it is
within the process flow that the steps for response are outlined. The flow should
start wherever an incident comes into being, and then trace the incident via
the classification system up to the point where the Management and other
departments are notified.
9. Physical Security Policy

9.1. Physical security is an essential part of our security plan. It forms the basis for all
other security efforts, including personnel and information security. Top Up
Africa’s security program includes a solid physical security foundation. Which is
developed and deployed to protect and preserve information, physical assets,
and human assets.
Top Up Africa uses reliable and well-known hosting provider Google for all data
storage and platform so physical security policy is aligned with Google physical
security.
Google has its data center parks located in the USA. A video-monitored,
high-security perimeter surrounds the entire data center park.
Top Up Africa Ltd

Abuja FCT
23
Rc No: 1146549
Entry is only possible via electronic access control terminals with a transponder
key or admission card. All movements are recorded and documented.
Ultra-modern surveillance cameras provide 24/7 monitoring of all access routes,
entrances, security door interlocking systems and server rooms.
The uninterrupted power supply (USV) is ensured with a 15-minute backup

battery capacity and emergency diesel generated power. All UPS systems have
redundant design.
Climate control is affected via a raised floor system.
A modern fire detection system is directly connected to the fire alarm center of
the local fire department.
9.2. Purpose
The purpose of the Physical Security Policy is to:
i. Establish the rules for granting, control, monitoring, and removal of

physical access to office premises;
ii. To identify sensitive areas within the organization; and
iii. To define and restrict access to the same.
9.3. Scope
Employees
This applies to all employees, contractual employees, trainees, privileged

customers, and all other visitors.
9.4. Documentation
Top Up Africa Ltd

Abuja FCT
24
Rc No: 1146549
Top Up Africa’s Physical Security Policy documentation consists of Physical

Security Policy and related procedures & guidelines.
9.5. Document Control
The Physical Security Policy document and all other referenced documents
shall be controlled. Version control shall be to preserve the latest release and
the previous version of any document. However, the previous version of the
documents shall be retained only for a period of two years for legal and
knowledge preservation purposes.
9.6. Records
Records being generated as part of the Physical Security Policy shall be

retained for a period of two years. Records shall be in hard copy or electronic
media. The records shall be owned by the respective system administrators and
shall be audited once a year.
9.7. Distribution and Maintenance
The Physical Security Policy document shall be made available to all the
employees covered in the scope. All the changes and new releases of this
document shall be made available to the persons concerned. The
maintenance responsibility of the Physical Security Policy document will be with
the CISO and system administrators.
Top Up Africa Ltd

Abuja FCT
25
Rc No: 1146549
9.8. Privacy
The Physical Security Policy document shall be considered as “confidential”

and shall be made available to the concerned persons with proper access
control. Subsequent changes and versions of this document shall be controlled.
9.9 Responsibility
The IT and Compliance teams are the designated personnel responsible for the
proper implementation of the Physical Security Policy.
9.10 PHYSICAL ACCESSIBILITY POLICY
The following are the policies defined for maintaining Physical Security:
i. Physical access to the server rooms/areas shall completely be

controlled and servers shall be kept in the server racks under lock and
key.
ii. Access to the servers shall be restricted only to designated Systems
and Operations Personnel. Besides them, if any other person wants to
work on the servers from the development area, then he/she shall be
able to connect to the servers only through Remote Desktop
Connection with a Restricted User Account.
iii. Critical backup media are kept in a fireproof off-site location in a vault.
Top Up Africa Ltd

Abuja FCT
26
Rc No: 1146549
iv. Security perimeters shall be developed to protect areas that contain

information systems to prevent unauthorized physical access, damage,
and interference.
v. A list of personnel with authorized access to the facilities where

information systems reside shall be maintained with appropriate
authorization credentials. The access list and authorization credentials
shall be reviewed and approved by authorized personnel
periodically.
vi. All physical access points (including designated entry / exit points) to
the facilities where information. reside shall be controlled and access
shall be granted to individuals after verification of access
authorization.
vii. Physical access to the information systems shall be monitored to

detect and respond to physical security incidents.
viii. Physical protection against damage from fire, flood, earthquake,

explosion, civil unrest, and other forms of natural and man-made
disasters shall be designed and applied.
ix. Physical protection and guidelines for working in the areas where
information systems reside shall be designed and applied.
Top Up Africa Ltd

Abuja FCT
27
Rc No: 1146549
x. Information systems shall be protected from power failure and other

disruptions caused by a failure in supporting utilities.
xi. Power and telecommunications cabling carrying data or supporting

information services shall be protected from interception or damage.
xii. The real-time physical intrusion alarm and surveillance equipment shall
be monitored.
xiii. Automated mechanisms to recognize potential intrusion shall be

employed to initiate appropriate response actions.
xiv. Physical access to the information systems shall be granted only after
authenticating visitors before authorizing access to the facility where
the information systems reside other than areas designated as “publicly
accessible
xv. The access records of the visitors shall be maintained.
xvi. Visitors are escorted by the designated personnel and their activities, if
required, shall be monitored.
xvii. Any user who needs to connect to an external network for official work
shall be able to do so after an official sanction from the Management
and Security Team. This team shall evaluate security risks before the
issue of any sanction.
Top Up Africa Ltd

Abuja FCT
28
Rc No: 1146549
xviii. A record of all physical accesses by both visitors and authorized

individuals shall be maintained.
All policies stated above are monitored and periodically updated from
time to time.
8.7. Enforcement
8.7.1. Any employee found to have violated this policy may be subjected to
disciplinary action in line with the Top Up Africa’s People Operations
Policy.
ANNEX 1
Top Up Africa IT PROCESSES AND PROCEDURES
Workstations/Laptops: Most staff members will be given the use of a

Laptop/computer in their office (as deemed fit by the company) with access to
the company’s network. Modifications to faculty and staff workstations
including the addition or removal of hardware or software are not allowed
without prior approval of the IT Department.
1. Every workstation will be able to print on at least one network printer and
Top Up Africa Ltd
Abuja FCT
29
Rc No: 1146549
one backup printer (one of which will be color).
2. Individual desktop printers will not be available unless the Managing

Director deems it necessary under special circumstances.
3. Unless otherwise authorized all workstations will use Windows 10, Windows
8, 8.1, Windows 7 as the operating system. The initial software installed on
the system will include Microsoft Office (Standard or Professional), Internet
Explorer, Acrobat Reader, and Antivirus Corporate Edition.
4. Access to the Internet will be through Internet Explorer and e-mail will be
through the configured company’s e-mail.
5. Additional hardware and software may be requested by filing the proper

form with the Director.
6. Visitors have only the basic visitors’ user rights and access.
Printers, Copiers, Faxes, Scanners, and Other Shared Devices: All shared
devices, either on the network or stand-alone equipment, are under the purview
of the TBD Department, and will be allocated by the TBDM.
Only IT personnel or specifically authorized staff will service these items.
• All equipment of this nature that is placed on the company’s network is under
the direct supervision of the Technical Manager.
IT Resource Center: Top Up Africa owns a number of items that are of a

portable nature that are available for use by staff members with the approval of
the Managing Director. When not in use these items will be stored in IT
cabinets/closets, which will be locked at all times when not under the direct
supervision of an authorized IT staff member.
Top Up Africa Ltd
Abuja FCT
30
Rc No: 1146549
1. The Managing Director, the Technical Manager and specifically

designated IT staff members will be assigned the key(s) for the storage
area(s). Only these individuals have the authorization to access the IT
Resource Center area(s).
2. Only staff members can check out items from the IT Resource Center. To
check out an item the individual must contact one of the authorized IT
staff members, then sign and date the checkout sheet.
3. Certain items may be reserved by contacting an authorized IT staff

member who will place the information on a calendar kept for that
purpose.
4. The individual that signed for the item must return it on or prior to the due
date/time to an authorized IT staff member, and report any known
problems with the item. The IT member is required to at least spot check
the item for any obvious damage or missing components. He or she will
then record its return and initial the checkout sheet, and will report any
irregularities.
SYSTEMS DOCUMENTATION
The subheading Systems Documentation contains the procedures for recording
the acquisition of new resources and maintaining the inventory of existing
equipment and materials.
All new acquisitions will be classified as either consumable or durable.
Supplies are items classified as consumable such as recordable media, toner, ink
cartridges, paper, RJ47, and CAT5 cable.
Durable items are divided into hardware (equipment) or software and licenses.
When a shipment is received the items will be examined for damage and
Top Up Africa Ltd
Abuja FCT
31
Rc No: 1146549
marked off the packing list, which will be initiated and dated.
The packing list will be attached to the corresponding purchase order and Form
IT-G. Any damaged, missing, backordered, or extra items are to be noted and
the vendor is to be contacted promptly
Supplies
• Ink cartridges: are the responsibility of the company
• Toner: 1 set will be in stock for every four printers of that model
• Drums, Imaging Units, etc: 1 will be in stock if there are four or more printers of
that model available
• Recordable Media: will be reordered when the following minimum levels in
stock are reached; CD-R: 5, CD-RW: 5, DVD-/+R:5, Data Tapes:5
• Cabling Supplies: will be reordered when the following minimum levels in stock
are reached RJ45: 5, Jacks:5.
Hardware
All hardware/equipment will be given a Capricorn Digital ID Tag with a unique
number. Unauthorized removal or modification of a tag is strictly forbidden. All
hardware will be recorded into the hardware log book.
Certain component items will be listed together as a single unit, such as a PC. A
PC includes the hard drive, RAM, other internal components, along with a
keyboard and mouse. The IT Inventory Database will utilize the following field (if
applicable) for each record:
1. Top Up ID #
2. Description
3. Purchase Order #
4. Manufacturer
5. Model #
6. Serial #
Top Up Africa Ltd
Abuja FCT
32
Rc No: 1146549
7. IP address (if static)

8. MAC Address
9. Network Name
10. Physical Location
11. User’s Name
12. Processor/CPU speed and type
13. RAM
14. Hard Drive
15. Internal Drives (CD, DVD, etc.)
16. Graphics Card
17. Sound Card
18. Modem
19. Keyboard and Mouse
20. Screen size and type
21. Available ports or outlets
22. Available slots
Software:
All software and licenses will be inventoried using the database; in addition, a
hard copy record will be maintained in a fireproof cabinet or offsite.
Software will be categorized as a box license; site licensed, or network versions

(including CAL) along with whether the seats are concurrent or static.
The following fields will be used in the IT Inventory Database for each record (if
applicable):
1. Description/Title
2. Version
3. Publisher
Top Up Africa Ltd
Abuja FCT
33
Rc No: 1146549
4. Serial #
5. Product ID #
6. Purchase Order #
7. License Type
8. Number of Licenses/Classification
9. License #
10. Key Code
11. Top Up Africa ID # (where it is installed)
IT Inventory Database;
Any new acquisitions classified as hardware or software will be entered into the
database prior to its allocation. Any modification to a PC, network appliance or
device, or any supported system must be documented in the IT Inventory
Database. The staff member making the alterations, including the installation of
software or relocating the device must complete Form IT-C and submit it to the
Managing Director or properly designated representative, within two working
days. Items designated as salvage by the Technical Manager will be noted on
the database, listing the date the item is removed from the inventory.
1. Business Applications
2. Applications
3. Security/Fireproof System
Top Up Africa Ltd
Abuja FCT
34
Rc No: 1146549
The Administrator passwords for the network and servers will be set and
maintained by the Technical Manager. The list of four (4) passwords will be
documented and stored in a file in the IT Department’s lockable fireproof
cabinet/cloud. The same procedure will be followed in regards to the
administrative password for all workstations and devices at Top Up Africa.
Telephone and Internet Connections

Top Up Africa will maintain at least one POT line / wireless option for each of the
following: fax machine, security system, and elevator phone.
IT disaster recovery plan

IT disaster recovery plan provide step-by-step procedures for recovering
disrupted systems and networks, and help them resume normal operations. The
goal of these processes is to minimize any negative impacts to company
operations. The IT disaster recovery process identifies critical IT systems and
networks; prioritizes their recovery time objective; and delineates the steps
needed to restart, reconfigure, and recover them. A comprehensive IT DR plan
also includes all the relevant supplier contacts, sources of expertise for
recovering disrupted systems and a logical sequence of action steps to take for
a smooth recovery.
The following summarizes the ideal structure for an IT disaster recovery plan:
Develop the contingency planning policy statement. A formal policy provides

the authority and guidance necessary to develop an effective contingency
plan.
Conduct the Business Impact Analysis (BIA). The business impact analysis helps to
identify and prioritize critical IT systems and components.
Top Up Africa Ltd

Abuja FCT
35
Rc No: 1146549
Identify preventive controls. These are measures that reduce the effects of
system disruptions and can increase system availability and reduce contingency
life cycle costs.
Develop recovery strategies. Thorough recovery strategies ensure that the

system can be recovered quickly and effectively following a disruption.
Develop an IT Contingency Plan. The contingency plan should contain detailed

guidance and procedures for restoring a damaged system.
Plan testing, training and exercising. Testing the plan identifies planning gaps,
whereas training prepares recovery personnel for plan activation; both activities
improve plan effectiveness and overall agency preparedness.
Plan maintenance. The plan should be a living document that is updated

regularly to remain current with system enhancements.
Step-by-step IT DR Plan Development

The plan development team should meet with the internal technology team,
application team, and network administrator(s) and establish the scope of the
activity, e.g., internal elements, external assets, third-party resources, linkages to
other offices/clients/vendors; be sure to brief IT department senior management
on these meetings so they are properly informed.
Gather all relevant network infrastructure documents, e.g., network diagrams,
equipment configurations, databases.
Obtain copies of existing IT and network DR plans; if these do not exist, proceed
with the following steps.
Identify what management perceives as the most serious threats to the IT

infrastructure, e.g., fire, human error, loss of power, system failure.
Top Up Africa Ltd

Abuja FCT
36
Rc No: 1146549
Identify what management perceives as the most serious vulnerabilities to the

infrastructure, e.g., lack of backup power, out-of-date copies of databases.
Review previous history of outages and disruptions, and how the firm handled
them.
Identify what management perceives as the most critical IT assets, e.g., call
center, server farms, Internet access.
Determine the maximum outage time management can accept if the identified
IT assets are unavailable.
Identify the operational procedures currently used to respond to critical

outages.
Determine when these procedures were last tested to validate their

appropriateness.
Identify emergency response team(s) for all critical IT infrastructure disruptions;

determine their level of training with critical systems, especially in emergencies.
Identify vendor emergency response capabilities; if they have ever been used; if
they were, did they work properly; how much the company is paying for these
services; status of service contract; presence of service-level agreement (SLA)
and if it is used.
Compile results from all assessments into a gap analysis report that identifies
what is currently done versus what ought to be done, with recommendations as
to how to achieve the required level of preparedness, and estimated
investment required.
Have management review the report and agree on recommended actions.
Top Up Africa Ltd

Abuja FCT
37
Rc No: 1146549
Prepare IT disaster recovery plan(s) to address critical IT systems and networks.
Conduct tests of plans and system recovery assets to validate their operation.
Update DR plan documentation to reflect changes.
Schedule next review/audit of IT disaster recovery capabilities.
IMPORTANT IT DISASTER RECOVERY PLANNING CONSIDERATIONS
Senior Management Support.

Be sure to obtain senior management support so that your plan goals can be
achieved.
Take the IT DR planning process seriously. Although the IT DR plan can take a
great deal of time for data gathering and analysis, it doesn't have to be dozens
of pages long. Plans simply need the right information, and that information
should be current and accurate.
Keep it simple. Gathering and organizing the right information is critical.
Review results with business units. Once the IT disaster recovery plan is complete,
review the findings with business units’ leaders to make sure your assumptions
are correct
Be flexible. The suggested template in this article can be modified as needed to

accomplish your goals.
Network Access
New users (or existing users who need to make changes) must follow these
procedures to be issued a(n): user name, initial password, roaming profile, home
Top Up Africa Ltd
Abuja FCT
38
Rc No: 1146549
directory, and their company email account.
Access to specific components or programs on the company’s network, in

addition to security levels will be assigned through the procedures established
herein. We maintain the ownership of all user accounts along with rights to
monitor and access the information therein.
The employee must complete, sign, and submit Form IT-D, to the Managing
Director or assigned Staff.
Upon approval by the Managing Director (or authorized personnel), the

authorized personnel will, within one working day, create a unique username,
initial network password, roaming profile, and home directory for the employee.
The employee will also be given access to a company email account with the
same user name as for accessing the network, with an address of
firstname.surname@Top Up Africaserve.com
In certain instances, the employee may also be given to a positional email
account such as: it@Top Up Africa.com etc.
If a new employee (or existing employee needs to modify) needs additional

network access for restricted resources, he or she needs to complete Form IT-E.
Restricted resources include any software platforms, databases, or other
resources that have security levels, additional password requirements, or
information that contains sensitive materials (as prescribed by the administration
of Top Up Africa).
Once the employee completes Form IT-E it must be submitted to the

department head or area supervisor for approval. After the supervisor reviews
the application and signs the form it is then forwarded to the Managing Director
to receive final approval. The Managing Director has three working days to
approve or deny the request. If denied he/she will notify, with an explanation,
the applicant. If approved the following process will occur:
Top Up Africa Ltd
Abuja FCT
39
Rc No: 1146549
1. The Managing Director will contact the Technical Manager to establish

the proper access, passwords, user name, etc. for the employee making
the request. This will be completed in three working days.
2. An IT staff member will contact the employee to provide an

orientation/training on the network resources that are being made
available. This will include information on the appropriate policies and
procedures that govern use of the company’s resources. During this
orientation the employee will be given the access and security level that
were approved.
Internet access for workshops can be handled through the normal processes.
Network Security
The employee will be given access to a company email account. If access to
restricted applications or specific components of such programs is required, the
user must complete and submit Form IT-E as outlined in subheading Network
Access.
Usernames and Passwords: The following procedure will be adhered to in

regards to the creation/issuing of user names and passwords unless specifically
altered by the Managing Director.
Employee usernames will be the first initial of the person’s first name along with
the last name
The user will be required to change the password on the initial login.
1. Passwords are case sensitive and must be a minimum of 4 characters
2. Staff member passwords must be changed at a minimum of once in two
months.
3. IT personnel and other users with administrative rights must change their
password a minimum of once/month.
Top Up Africa Ltd
Abuja FCT
40
Rc No: 1146549
4. The same password may not be used twice in a row.

5. The person assigned to a particular user name is responsible for its usage;
therefore, it cannot be shared with other individuals or groups
Violations must be reported to the Managing Director
6. The Administrator password for a workstation or device will be designated
by the Technical Manager.
7. All staff user names will be given restricted privileges on the network and
individual workstations by default
The Technical Manager may authorize higher levels of access for IT staff
members and other users under special circumstances
Firewalls and Virus Protection: The IT Department will maintain a proxy server
and/or a network firewall protecting the company’s LAN from outside intrusion.
No server, workstation, or other network device will be assigned a public IP
address without the prior approval of the Technical Manager.
Any device with a public IP address must have a firewall protecting it from
outside intrusions.
Any attempt by a Top Up Africa network user to intentionally breach or bypass a
secure/restricted system without authorization will result in loss of network
privileges. The Technical Manager will report such occurrences to the
Managing Director of Top Up Africa, or designated representative, for additional
actions (such as suspension or termination, or even possible legal action).
The IT Department will maintain virus protection on the email server, to scan
incoming messages, and on all other servers, workstations, and appropriate
network devices. To limit possible routes of infection the preferred method of
data transfer from the outside to systems on our network will be through email
attachments. Staff members are allowed to use removable disk media or other
portable storage devices such as USB key drives. Before transferring data onto
Top Up Africa’s system data must be scanned using an up-to-date virus
Top Up Africa Ltd
Abuja FCT
41
Rc No: 1146549
protection program.
Suspicious email/attachments/files should not be opened and must be reported

to an IT staff member. Any computer/network problems that may be due to
virus or other outside intrusion likewise need to be reported promptly to an IT staff
member. These reports will be forwarded onto both the Managing Director and
Technical Manager for further investigation and action. Affected devices may
be removed from the network by any IT staff member to halt the transmission of
the infection or intrusion until the Managing Director, or a designated
representative gives authorization to reconnect the device. Infecting, or
transmitting a virus, worm, other malicious code or “spam” on or from Top Up
Africa’s equipment is strictly prohibited, and must be reported.
The security of servers, along with the data stored upon them, is the primary
responsibility of the Information Technology Department. Servers must be
maintained in a secure lockable area with access limited to authorized
personnel.
Data will be backed up on a regular basis to a hard drive located on a

separate chassis at a minimum of thrice per week. Archiving of data to a
removable storage media will depend on its nature. However, for critical
systems/files a daily schedule for archiving will be the minimum. Archived media
will be stored in a lockable fireproof storage unit. Access will be limited to the
Technical Manager and others specifically authorized by the Managing
Director.
Security of individual workstations and the data stored upon them is the primary
responsibility of the assigned user. When the area is open to the public the
individual user should lock their computer and/or use a password protected
screensaver when logged on to the system. When a user will be absent from
their station for an extended period of time it is recommended that they shut
down the system or log off. If using a common area computer, a user must log
off the system before leaving.
Top Up Africa Ltd
Abuja FCT
42
Rc No: 1146549
Internet Use
IT staff members will contact the employee to provide an orientation/training on
the Internet resources that are being made available. This will include
information on the appropriate policies and procedures that govern their use.
During this orientation the employee will be given the access and security level
that were approved.
1. To maintain acceptable bandwidth, the Technology Coordinator will

establish a point system to calculate typical and high traffic usage rates.
2. The Technical Manager or designated representative will maintain a
reasonable level of security, including proxy settings and/or firewalls,
against outside intrusions. Virus, spam, and other appropriate protections
will be maintained at reasonable levels.
3. The Technical Manager or designated representative is responsible for the
establishment, maintenance, removal, and allocation of all domains, IP
addresses, bandwidth, and related items owned or controlled by Top Up
Africa. Documentation and regular briefings will be provided to the
Managing Director.
Purchasing Procedure
All procurement of hardware, software, or technology services that will be part
of or impact the Top Up Africa data or communications networks must be
purchased through the IT Department. The purpose of this process is to ensure
compatibility of new components with the existing infrastructure and to
maximize the efficiency of our resources. The IT Department will only maintain
and service equipment and software that was procured, allotted, and
implemented in a manner consistent with the appropriate policies and
procedures.
E-Mail Use
Top Up Africa Ltd
Abuja FCT
43
Rc No: 1146549
The status of the person requesting the account will determine what domain will
be used, the format of the user name, the default password, and storage space
allotted. The Managing Director under special circumstances will consider
exceptions.
Storage space will be limited to 20GB on the cloud.
Public Individual or Group Addresses •the account will be created on the Top
Up Africa's payments domain • (www.Top Up Africa.com)
Username will be a first name, such as joyce@TopUpAfrica.com, or created by

an automated system.
1. The default password will be sup*********
2. Storage space will be limited to 20GB
Inappropriate use includes, but is not limited to the following:

Using accounts provided by Top Up Africa's Services Limited for commercial or
financial gain without administration approval.
1. Using accounts provided by Top Up Africa for the creation or transmission
of spam.
2. Using other people’s accounts, posting personal communications without
the original author's consent.
3. The willful transmission of viruses or other harmful programs.
Top Up Africa Ltd

Abuja FCT
44
Rc No: 1146549
Top Up Africa PRIVACY POLICY
Introduction
This Privacy Policy describes a customer’s privacy rights regarding our collection,
use, storage, sharing and protection of personal information. It applies to the
Top Up Africa website, agent application, B2B services and other services
provided by Top Up AfricaS regardless of how they are accessed or used.
Personal information we collect

Top Up Africa may collect and store personal Information that the customer
provides to our Agents or our Partners when using Top Up Africa in order to
identify an individual and need to complete a transaction that customer
initiated.
Top Up Africa will not collect any additional information which are not required
by the service provider with whom Top Up Africa is connected and which
services Top Up AfricaS is selling.
Depending on services for which the customer wants to make transactions, Top
Up AfricaS can collect and process the following information: name, address,
phone, email, account number or identification number and other similar
information.
How we use personal information

Top Up Africa uses collected personal information only for the purpose to
complete transactions that our customer initiated and that was given directly
from our customer to our Agent or Selling partner. Personal information is
forwarded to our Partners who provide or sell services to our customer to identify
him and to register in his system appropriate transactions.
Top Up Africa will not use, share or sell personal information with third parties for
any kind of marketing and advertising activity without explicit consent from our
Top Up Africa Ltd
Abuja FCT
45
Rc No: 1146549
customer.
Protection of personal information

Top Up Africa uses security technologies including firewalls, Secure Socket
Layers, HTTPS and VPN to help protect the Personal Information we collect and
process from our customer through the Platform.
Our policies restrict access to Personal Information to those employees and

service providers who need to know the information in order to provide or sell
our customer required services.
Top Up Africa maintains physical, electronic and procedural safeguards to

protect Personal Information.
Third Party Connection Policy

Top Up Africa uses secure connection with any of its partners that it is
connected to. Secure connection is established either through VPN connection
or HTTP over TLS (HTTPS) along with WS-Security (WSS), certificate authentication
and encryption/signing.
Integration with all B2B partners and Agents devices with Top Up AfricaS
platform uses a custom HTTP scheme based on a keyed-HMAC (Hash Message
Authentication Code) for authentication.
The type of security connection that will be established with a third party
depends on agreement and preferred model of the third party.
Encryption policy
Encryption is used in communication with third parties over https protocol and
using SSL certificates. Private confidential information of our customer, such as
credit card numbers and similar, are not stored in the Top Up Africa system. This
information is only passed through our system to service providers to identify
customers and sell service to them.
Top Up Africa Ltd
Abuja FCT
46
Rc No: 1146549
Encryption is also used to store confidential information such as passwords in our

system. Encryption method that is used for this is the Crypt algorithm.
Incidence response Policy

This policy is to assure that, in case of an information security incident that
threatens the availability, confidentiality, and integrity of our information assets,
information systems and the networks that deliver the information, a response is
conducted in a consistent manner, with defined process step-by-step, in order
to promptly restore operations impacted by the incident
There are six steps in this process defined to handle security incident most
effectively:
1.Preparation: Our IT support team constantly updates the information system

with the latest security patches to improve security of the whole system. Also, the
important part of the preparation step is to educate users and IT staff of the
importance of updated security measures and train them to respond to
computer and network security incidents quickly and correctly.
2.Identification: Our IT support team is activated to decide whether a particular

event is, in fact, a security incident. The IT support team may contact the CERT
Coordination Center, which tracks Internet security activity and has the most
current information on viruses and worms.
3.Containment: Our IT support team determines how far the problem has spread
and contains the problem by disconnecting all affected systems and devices to
prevent further damage.
4.Eradication: Our IT support team investigates to discover the origin of the

incident. The root cause of the problem and all traces of malicious code are
removed.
Top Up Africa Ltd

Abuja FCT
47
Rc No: 1146549
5.Recovery: Data and software are restored from clean backup files, ensuring
that no vulnerabilities remain. Systems are monitored for any sign of weakness or
recurrence.
6.Lessons learned: Our IT support team analyzes the incident and how it was
handled, making recommendations for better future response and for
preventing a recurrence.
Physical Security Policy

Top Up Africa uses reliable and well-known hosting provider Google for all data
storage and platform so physical security policy is aligned with Google physical
security.
Google has its data center parks located in the USA. A video-monitored,
high-security perimeter
surrounds the entire data center park. Entry is only possible via electronic access
control terminals with a transponder key or admission card. All movements are
recorded and documented. Ultra-modern surveillance cameras provide 24/7
monitoring of all access routes, entrances, security door interlocking systems and
server rooms.
The uninterrupted power supply (USV) is ensured with a 15-minute backup

battery capacity and emergency diesel generated power. All UPS systems have
redundant design.
Climate control is effected via a raised floor system.
A modern fire detection system is directly connected to the fire alarm center of
the local fire department.
Changes to this Privacy Policy
Top Up Africa Ltd

Abuja FCT
48
Rc No: 1146549
Top Up Africa may change this privacy policy at any time by posting an
updated privacy policy. Up-to-date policy will be available on our web site
www.TopUpAfrica.com
Top Up Africa Ltd

Abuja FCT
49

Top Up Africa IT Policy

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Top Up Africa IT Policy

Uploaded by

Copyright:

Available Formats

Rc No: 1146549

INFORMATION TECHNOLOGY POLICY

Top Up Africa Ltd

Top Up Africa Ltd

Top Up Africa Ltd

Top Up Africa's Information Technology Infrastructure Management which

Top Up Africa Ltd

Established periodic review meetings will be held among staff of the

Key duties to be used as yardstick include:

Infrastructure is further divided into two major components: network and

Top Up Africa Ltd

Telecommunication: The systems for communicating with individuals or

RESOURCES AND EQUIPMENT

All software and hardware relating to computer/network/telephony systems are

1.1. Limitations of the Policy

1.2. The Information Top Up Africa Collects

Top Up Africa may obtain the following types of information from or

Top Up Africa Ltd

i. User Provided Information: users provide certain Personally Identifying

1.3 The Way Top Up Africa Uses Information

When you submit Personally Identifiable Information to us through the Top Up

We do not use your mobile phone number or other Personally Identifiable

Top Up Africa Ltd

We may use both your Personally Identifiable Information and certain

1.4. You Have a Choice

You may, of course, decline to submit Personally Identifiable Information through

1.5. Data Security

Top Up Africa uses commercially reasonable physical, managerial, and

1.6. In the Event of Merger, Sale, or Bankruptcy

1.7. Changes and updates to this Privacy Notice

2. Information Ownership/Disclosure/Loss Policy

2.1. Ownership of information or data by Top Up Africa is heavily dependent upon

Top Up Africa Ltd

3.3. We may share non-personally-identifiable information (such as anonymous User

Top Up Africa Ltd

3.4 We may collect and release Personally Identifiable Information and/or

Top Up Africa also reserves the right to disclose Personally Identifiable

Top Up Africa Ltd

4.2. Top Up Africa makes no warranties or representations about the accuracy or

Top Up Africa Ltd

Furthermore, with Top Up Africa ’s security system, it is virtually impossible to

6. Confidential Data Policy

Top Up Africa is an independent company which has business dealings with

Top Up Africa Ltd

one of its primary modes of information interchange. Therefore, it is possible that

i. All submissions, either in hard copy, or in electronic form,

ii. If Top Up Africa officers are alerted by members or observers

iii. Third party members and observers who obtain copies of

Top Up Africa Ltd

Iv. Anyone who knowingly disseminates confidential data found

v. Note*: To be considered confidential data under this policy,

Top Up Africa Ltd

7. Third Party Connection Policy

Top Up Africa Ltd

7.4. Sponsoring organizations within Top Up Africa who wish to establish

Top Up Africa Ltd

and complete information as to the nature of the proposed access to the

7.6. All changes in access must be accompanied by a valid business justification,

Africa business necessitate a modification of existing permissions, or termination

c). TRIAGE AND ANALYSIS

d). CONTAINMENT AND NEUTRALIZATION.

e). POST-INCIDENT ACTIVITY.

Top Up Africa Ltd