Professional Documents
Culture Documents
Top Up Africa IT Policy
Top Up Africa IT Policy
1
Rc No: 1146549
CONTENTS
Introduction 3
Policy Statement 3
IT Infrastructure: 3
1.Privacy Policy 5
2. Information Ownership/Disclosure/Loss Policy 9
3.Disclosure Policy 10
4.Loss Policy 11
5. Network Security and Encryption Policy 12
6. Confidential Data Policy 12
5. Password/PIN Policy 13
7. Third Party Connection Policy 14
8. Incidence Response Policy 16
9. Physical Security Policy 17
ANNEX 1 22
2
Rc No: 1146549
DEFINITIONS:
Acronyms Definition
TUA Top Up Africa Ltd
VPN Virtual Private Network
LAN Local Area Network
TBD Technical Business Development
DVD Digital Video Disc
TCP/IP Transmission control protocol/Internet protocol
DHCP Dynamic Host Configuration Protocol
DR Disaster Recovery
CD Compact Disc
PC Personal/private computer
3
Rc No: 1146549
INTRODUCTION
POLICY STATEMENT
To meet the enterprise business objectives and ensure continuity of its
operations, Top Up Africa Ltd (Hereinafter referred to as “The Company, “We”
Or “Top Up Africa””) shall adopt and follow well-defined and time-tested plans
and procedures, to ensure the Information Technology security of all of its
information assets and human assets.
IT Infrastructure:
The core responsibility of the IT department is to ensure infrastructural IT related
devices are up and running.
Functions include supervision of out-sourced tasks along with the allocation and
maintenance of resources required to maintain the company’s LAN, servers,
workstations, network devices, and cloud-based devices, applications and
databases. The security and integrity of the information systems at Top Up Africa
are also very important.
4
Rc No: 1146549
5
Rc No: 1146549
1.Privacy Policy
Top Up Africa’s privacy policy is designed to allow its users, consumers, and
visitors to make informed decisions on whether or not to use the Top Up Africa
services, or information contained on its website.
If you have grievances with either the Top Up Africa application/software or the
information contained on its website, please DO NOT use.
This privacy policy is incorporated into and is subject to Top Up Africa ’s terms of
service. If you make use of the Top Up Africa app, services, or any of the
information available on the Top Up Africa website, or provide any personal
Top Up Africa Ltd
Suite T2, Smart Bridge Plaza,
NO 1 O.P Fingesi Street Utako
info@topupafrica.com
Abuja FCT
6
Rc No: 1146549
information in relation to the Top Up Africa app, Top Up Africa services, or Top
Up Africa website, they all remain subject to this privacy policy and its terms of
service.
In lieu of this, it is important to note that any information put up at the direction,
or at the discretion of users of the Top Up Africa service becomes published
content. Therefore, it is not personally identifiable information subject to this
privacy policy.
This privacy policy is part of Top Up Africa’s Terms of Service and covers the
treatment of user information, including personally identifying information
obtained by Top Up Africa, including information obtained when the Top Up
Africa site is accessed, when the Top Up Africa service is used, or any other
information provided by Top Up Africa.
This privacy policy does not apply to the practices of the companies that Top
Up Africa does not own or control, or to individuals whom Top Up Africa does
not employ or manage, including any of the third parties to which Top Up Africa
may disclose user information as set forth in this privacy policy.
7
Rc No: 1146549
ii. Cookies Information: When the Top Up Africa site is visited, it may send
one or more cookies – a small text file containing a string of alphanumeric
characters – to your computer that uniquely identifies your browser.
Important to note is the fact that the Top Up Africa site may not function
properly if the ability to accept cookies is disabled.
iii. Log File Information: When you use the Top Up Africa site, our servers
automatically record certain information that your web browser sends
whenever you visit any website. These server logs may include information
such as your web request, Internet Protocol ("IP") address, browser type,
browser language, referring / exit pages and URLs, platform type, number
of clicks, domain names, landing pages, pages viewed and the order of
those pages, the amount of time spent on particular pages, the date and
time of your request, one or more cookies that may uniquely identify your
browser, your phone number, the phone number you are requesting the
status of and various status information. When you use the Top Up Africa
Top Up Africa Ltd
Suite T2, Smart Bridge Plaza,
NO 1 O.P Fingesi Street Utako
info@topupafrica.com
Abuja FCT
8
Rc No: 1146549
service, our servers log certain general information that our application
sends whenever a message is sent or received, or if you update or request
any status information, including time and date stamps and the mobile
phone numbers the messages were sent from and to.
All information collected is essential to your use of the Top Up Africa service and
will be retained. Any billing information that may be collected from you will be
deleted thirty (30) days after the termination of your account with Top Up Africa.
We may, however, use your mobile phone number (or email address, if
provided) without further consent for non-marketing or administrative purposes
(such as notifying you of major Top Up Africa site or service changes or for
customer service purposes).
9
Rc No: 1146549
We may use cookies and log file information to: (a) remember information so
that you will not have to re-enter it during your visit or the next time you use the
Top Up Africa service for Top Up Africa site; (b) provide custom, personalized
content and information; (c) monitor individual and aggregate metrics such as
total number of visitors, pages viewed, etc.; and (d) track your entries,
submissions, views and such.
10
Rc No: 1146549
verify your identity before registering your mobile phone number and granting
you access to the Top Up Africa service. Please contact Top Up Africa via
email or support at Top Up Africa .com or available web forms with any
questions or comments about this Privacy Policy, your personal information, your
consent.
In the event that Top Up Africa is acquired by or merged with a third-party
entity, we reserve the right to transfer or assign the information we have
Top Up Africa Ltd
Suite T2, Smart Bridge Plaza,
NO 1 O.P Fingesi Street Utako
info@topupafrica.com
Abuja FCT
11
Rc No: 1146549
collected from our users as part of such merger, acquisition, sale, or other
change of control. In the (hopefully) unlikely event of our bankruptcy,
insolvency, reorganization, receivership, or assignment for the benefit of
creditors, or the application of laws or equitable principles affecting creditors'
rights generally, we may not be able to control how your personal information is
treated, transferred, or used.
This Privacy Policy may be revised periodically and this will be reflected by the
"effective date” below. Please revisit this page to stay aware of any changes.
Your continued use of the Top Up Africa site and Top Up Africa service
constitutes your agreement to this Privacy Policy and any amendments.
12
Rc No: 1146549
2.2. Top Up Africa as a corporate entity owns the right to this information and
through the actions of its officials, controls and claims ownership of all said
information. In the case that any data or information concerns Top Up Africa
and any third party, there will be a pre drafted agreement which will dictate the
control, regulation, and ownership of the data or information in question (Please
see annex 1)
2.3. Top Up Africa will not be held liable for any and all mishandled data or
information which does not fall within the purview of Top Up Africa or its
officers.
3.Disclosure Policy
3.1 We do not sell or share your Personally Identifiable Information (such as mobile
phone number) with other third-party companies for their commercial or
marketing use without your consent or except as part of a specific program or
feature for which you will have the ability to opt-in or opt-out.
3.2. We may share your Personally Identifiable Information with third party service
providers to the extent that it is reasonably necessary to perform, improve or
maintain the Top Up Africa service.
13
Rc No: 1146549
4.1 You agree that your use of the Top Up Africa shall be at your sole risk to the
fullest extent permitted by law, Top Up Africa, its Officers, Directors, Employees,
and Agents disclaim all warranties, expressed or implied, in connection with the
service and your use thereof.
14
Rc No: 1146549
4.3 Top Up Africa does not warrant, endorse, guarantee, or assume responsibility for
any product or service advertised or offered by a third party through the Top Up
Africa service or any hyperlinked website or featured in any user status
submission or other advertising, and Top Up Africa will not be a party to or in
any way be responsible for monitoring any transaction between you and
third-party providers of products and services. As with the purchase of a product
or service through any medium or in any environment, you should use your best
judgment and exercise caution where appropriate and again, use this just for
fun.
5. Network Security and Encryption Policy
15
Rc No: 1146549
5.1. Top Up Africa is designed to provide you with financial services as a Bank in your
neighborhood, Thus, Top Up Africa’s app is built upon an end-to-end security
platform wherein all transferred personal data is encrypted by different levels of
secure firewalls. This way, all personal data is protected from falling into the
wrong hands.
5.2. Top Up Africa adopts the security policies platform of the particular mobile
carrier that the Top Up Africa application user employs on his/her mobile
device, and for browsing purposes. In integrating with said mobile carriers, Top
Up Africa confirms that the mobile platform upon which it operates conforms
and satisfies extant regulatory acts and policies in the country which it
operates.
16
Rc No: 1146549
17
Rc No: 1146549
6. Password/PIN Policy
6.1. Passwords do not imply privacy but allow authorized users to gain access to
required applications, files and e-messages. Weak passwords have no value
and will not perform its task. Passwords need to be stronger in the case of critical
systems or when administrative level access is used.
18
Rc No: 1146549
6.2. Top Up Africa will enable remote users with access through a firewall, by
implementing one time password generating tools for firewall authentication.
Top Up Africa will also protect such tools and software used by administrators by
encryption or other similar methods.
6.3. Top Up Africa will also limit and monitor consecutive unsuccessful password
logon attempts to bolster its safety precautions. Encryption of passwords will be
used when transmitting data between external networks.
6.4. All users will be solely and entirely responsible for any activities carried out under
their individual IDs and passwords. Therefore, Top Up Africa employs users to use
strong passwords by substituting alphabetic letters with numeric and signs, using
the first letter of phrase or sentence to form a word, thus deriving non-dictionary
words.
19
Rc No: 1146549
matches the business requirements in the best possible ways, and that the
principle of least access is followed.
7.2. All new connection requests between third parties and Top Up Africa requires
that the third party and Top Up Africa representatives agree to sign the
Third-Party Agreement. This agreement must be signed by the controller of the
sponsoring organization as well as a representative from the third party who is
legally empowered to sign on behalf of the third party. The signed document is
to be kept on file with the relevant extranet group. Documents pertaining to
connections into Top Up Africa are to be kept on file with the team responsible
for security protocol.
7.3. The sponsoring organization must delegate a person to be the Point Of Contact
(POC) for the extranet connection. The POC acts on behalf of the sponsoring
organization, and is responsible for those portions of this policy and the Third
Party Agreement that pertain to it. In the event that the Point Of Contact
changes, the relevant extranet organization must be informed promptly.
20
Rc No: 1146549
7.5. All connectivity established must be based on the least access principle, in
accordance with the approved business requirements and the security review.
In no case will Top Up Africa rely upon the third party to protect Top Up Africa’s
network or resources.
7.7. When access is no longer required, the sponsoring organization within Top Up
Africa must notify the extranet team responsible for that connectivity, which will
then terminate the access. This may mean a modification of existing permissions
up to terminating the circuit as appropriate. The extranet and security teams
must conduct an audit of their respective connections on an annual basis to
ensure that all existing connections are still needed, and that access provided
meets the needs of the connection. Connections that are found to be
depreciated, and/or are no longer being used to conduct Top Up Africa
business, will be terminated immediately. Should a security incident or a finding
that a circuit has been deprecated is no longer being used to conduct Top Up
Top Up Africa Ltd
Suite T2, Smart Bridge Plaza,
NO 1 O.P Fingesi Street Utako
info@topupafrica.com
Abuja FCT
21
Rc No: 1146549
7.8. The Information Security team will verify compliance to this policy through
various methods, including but not limited to, business tolls reports, internal and
external audits, and feedback to the policy owner. Any exception to the policy
must be approved by the information Security team in advance. An employee
found to have violated this policy may be subject to disciplinary action, up to
and including termination of employment.
8. Incidence Response Policy
Top Up Africa maintains a 5 step Incident response policy to ensure effective
preventative and containment measures. They are
a). PREPARATION
b). DETECTION AND REPORTING. The focus of this phase is to watch security
events so as to detect, alert, and report on potential security incidents.
However, items like disaster recovery and incident response are entirely action
oriented. We understand that, for incident response, the level of success is
inversely proportional to the degree of public relations exposure thus our
22
Rc No: 1146549
8.2. The steps delineated above allow us respond to the incident with speed and
decisiveness
8.3. Our incident response procedure ensures that minimal disruption and business
impact will occur. This can be better understood through the process flow; it is
within the process flow that the steps for response are outlined. The flow should
start wherever an incident comes into being, and then trace the incident via
the classification system up to the point where the Management and other
departments are notified.
Top Up Africa uses reliable and well-known hosting provider Google for all data
storage and platform so physical security policy is aligned with Google physical
security.
Google has its data center parks located in the USA. A video-monitored,
high-security perimeter surrounds the entire data center park.
23
Rc No: 1146549
Entry is only possible via electronic access control terminals with a transponder
key or admission card. All movements are recorded and documented.
Ultra-modern surveillance cameras provide 24/7 monitoring of all access routes,
entrances, security door interlocking systems and server rooms.
A modern fire detection system is directly connected to the fire alarm center of
the local fire department.
9.2. Purpose
9.3. Scope
Employees
9.4. Documentation
24
Rc No: 1146549
The Physical Security Policy document and all other referenced documents
shall be controlled. Version control shall be to preserve the latest release and
the previous version of any document. However, the previous version of the
documents shall be retained only for a period of two years for legal and
knowledge preservation purposes.
9.6. Records
The Physical Security Policy document shall be made available to all the
employees covered in the scope. All the changes and new releases of this
document shall be made available to the persons concerned. The
maintenance responsibility of the Physical Security Policy document will be with
the CISO and system administrators.
25
Rc No: 1146549
9.8. Privacy
9.9 Responsibility
The IT and Compliance teams are the designated personnel responsible for the
proper implementation of the Physical Security Policy.
The following are the policies defined for maintaining Physical Security:
26
Rc No: 1146549
vi. All physical access points (including designated entry / exit points) to
the facilities where information. reside shall be controlled and access
shall be granted to individuals after verification of access
authorization.
ix. Physical protection and guidelines for working in the areas where
information systems reside shall be designed and applied.
27
Rc No: 1146549
xii. The real-time physical intrusion alarm and surveillance equipment shall
be monitored.
xiv. Physical access to the information systems shall be granted only after
authenticating visitors before authorizing access to the facility where
the information systems reside other than areas designated as “publicly
accessible
xvi. Visitors are escorted by the designated personnel and their activities, if
required, shall be monitored.
xvii. Any user who needs to connect to an external network for official work
shall be able to do so after an official sanction from the Management
and Security Team. This team shall evaluate security risks before the
issue of any sanction.
28
Rc No: 1146549
All policies stated above are monitored and periodically updated from
time to time.
8.7. Enforcement
8.7.1. Any employee found to have violated this policy may be subjected to
disciplinary action in line with the Top Up Africa’s People Operations
Policy.
ANNEX 1
1. Every workstation will be able to print on at least one network printer and
Top Up Africa Ltd
Suite T2, Smart Bridge Plaza,
NO 1 O.P Fingesi Street Utako
info@topupafrica.com
Abuja FCT
29
Rc No: 1146549
3. Unless otherwise authorized all workstations will use Windows 10, Windows
8, 8.1, Windows 7 as the operating system. The initial software installed on
the system will include Microsoft Office (Standard or Professional), Internet
Explorer, Acrobat Reader, and Antivirus Corporate Edition.
4. Access to the Internet will be through Internet Explorer and e-mail will be
through the configured company’s e-mail.
6. Visitors have only the basic visitors’ user rights and access.
Printers, Copiers, Faxes, Scanners, and Other Shared Devices: All shared
devices, either on the network or stand-alone equipment, are under the purview
of the TBD Department, and will be allocated by the TBDM.
• All equipment of this nature that is placed on the company’s network is under
the direct supervision of the Technical Manager.
30
Rc No: 1146549
2. Only staff members can check out items from the IT Resource Center. To
check out an item the individual must contact one of the authorized IT
staff members, then sign and date the checkout sheet.
4. The individual that signed for the item must return it on or prior to the due
date/time to an authorized IT staff member, and report any known
problems with the item. The IT member is required to at least spot check
the item for any obvious damage or missing components. He or she will
then record its return and initial the checkout sheet, and will report any
irregularities.
SYSTEMS DOCUMENTATION
The subheading Systems Documentation contains the procedures for recording
the acquisition of new resources and maintaining the inventory of existing
equipment and materials.
All new acquisitions will be classified as either consumable or durable.
Supplies are items classified as consumable such as recordable media, toner, ink
cartridges, paper, RJ47, and CAT5 cable.
Durable items are divided into hardware (equipment) or software and licenses.
When a shipment is received the items will be examined for damage and
Top Up Africa Ltd
Suite T2, Smart Bridge Plaza,
NO 1 O.P Fingesi Street Utako
info@topupafrica.com
Abuja FCT
31
Rc No: 1146549
marked off the packing list, which will be initiated and dated.
The packing list will be attached to the corresponding purchase order and Form
IT-G. Any damaged, missing, backordered, or extra items are to be noted and
the vendor is to be contacted promptly
Supplies
• Ink cartridges: are the responsibility of the company
• Toner: 1 set will be in stock for every four printers of that model
• Drums, Imaging Units, etc: 1 will be in stock if there are four or more printers of
that model available
• Recordable Media: will be reordered when the following minimum levels in
stock are reached; CD-R: 5, CD-RW: 5, DVD-/+R:5, Data Tapes:5
• Cabling Supplies: will be reordered when the following minimum levels in stock
are reached RJ45: 5, Jacks:5.
Hardware
All hardware/equipment will be given a Capricorn Digital ID Tag with a unique
number. Unauthorized removal or modification of a tag is strictly forbidden. All
hardware will be recorded into the hardware log book.
Certain component items will be listed together as a single unit, such as a PC. A
PC includes the hard drive, RAM, other internal components, along with a
keyboard and mouse. The IT Inventory Database will utilize the following field (if
applicable) for each record:
1. Top Up ID #
2. Description
3. Purchase Order #
4. Manufacturer
5. Model #
6. Serial #
Top Up Africa Ltd
Suite T2, Smart Bridge Plaza,
NO 1 O.P Fingesi Street Utako
info@topupafrica.com
Abuja FCT
32
Rc No: 1146549
Software:
All software and licenses will be inventoried using the database; in addition, a
hard copy record will be maintained in a fireproof cabinet or offsite.
The following fields will be used in the IT Inventory Database for each record (if
applicable):
1. Description/Title
2. Version
3. Publisher
Top Up Africa Ltd
Suite T2, Smart Bridge Plaza,
NO 1 O.P Fingesi Street Utako
info@topupafrica.com
Abuja FCT
33
Rc No: 1146549
4. Serial #
5. Product ID #
6. Purchase Order #
7. License Type
8. Number of Licenses/Classification
9. License #
IT Inventory Database;
Any new acquisitions classified as hardware or software will be entered into the
database prior to its allocation. Any modification to a PC, network appliance or
device, or any supported system must be documented in the IT Inventory
Database. The staff member making the alterations, including the installation of
software or relocating the device must complete Form IT-C and submit it to the
Managing Director or properly designated representative, within two working
days. Items designated as salvage by the Technical Manager will be noted on
the database, listing the date the item is removed from the inventory.
1. Business Applications
2. Applications
3. Security/Fireproof System
Top Up Africa Ltd
Suite T2, Smart Bridge Plaza,
NO 1 O.P Fingesi Street Utako
info@topupafrica.com
Abuja FCT
34
Rc No: 1146549
The Administrator passwords for the network and servers will be set and
maintained by the Technical Manager. The list of four (4) passwords will be
documented and stored in a file in the IT Department’s lockable fireproof
cabinet/cloud. The same procedure will be followed in regards to the
administrative password for all workstations and devices at Top Up Africa.
The following summarizes the ideal structure for an IT disaster recovery plan:
Conduct the Business Impact Analysis (BIA). The business impact analysis helps to
identify and prioritize critical IT systems and components.
35
Rc No: 1146549
Identify preventive controls. These are measures that reduce the effects of
system disruptions and can increase system availability and reduce contingency
life cycle costs.
Plan testing, training and exercising. Testing the plan identifies planning gaps,
whereas training prepares recovery personnel for plan activation; both activities
improve plan effectiveness and overall agency preparedness.
Obtain copies of existing IT and network DR plans; if these do not exist, proceed
with the following steps.
36
Rc No: 1146549
Review previous history of outages and disruptions, and how the firm handled
them.
Identify what management perceives as the most critical IT assets, e.g., call
center, server farms, Internet access.
Determine the maximum outage time management can accept if the identified
IT assets are unavailable.
Identify vendor emergency response capabilities; if they have ever been used; if
they were, did they work properly; how much the company is paying for these
services; status of service contract; presence of service-level agreement (SLA)
and if it is used.
Compile results from all assessments into a gap analysis report that identifies
what is currently done versus what ought to be done, with recommendations as
to how to achieve the required level of preparedness, and estimated
investment required.
37
Rc No: 1146549
Conduct tests of plans and system recovery assets to validate their operation.
Take the IT DR planning process seriously. Although the IT DR plan can take a
great deal of time for data gathering and analysis, it doesn't have to be dozens
of pages long. Plans simply need the right information, and that information
should be current and accurate.
Review results with business units. Once the IT disaster recovery plan is complete,
review the findings with business units’ leaders to make sure your assumptions
are correct
Network Access
New users (or existing users who need to make changes) must follow these
procedures to be issued a(n): user name, initial password, roaming profile, home
Top Up Africa Ltd
Suite T2, Smart Bridge Plaza,
NO 1 O.P Fingesi Street Utako
info@topupafrica.com
Abuja FCT
38
Rc No: 1146549
The employee must complete, sign, and submit Form IT-D, to the Managing
Director or assigned Staff.
39
Rc No: 1146549
Internet access for workshops can be handled through the normal processes.
Network Security
The employee will be given access to a company email account. If access to
restricted applications or specific components of such programs is required, the
user must complete and submit Form IT-E as outlined in subheading Network
Access.
Employee usernames will be the first initial of the person’s first name along with
the last name
The user will be required to change the password on the initial login.
1. Passwords are case sensitive and must be a minimum of 4 characters
2. Staff member passwords must be changed at a minimum of once in two
months.
3. IT personnel and other users with administrative rights must change their
password a minimum of once/month.
Top Up Africa Ltd
Suite T2, Smart Bridge Plaza,
NO 1 O.P Fingesi Street Utako
info@topupafrica.com
Abuja FCT
40
Rc No: 1146549
The Technical Manager may authorize higher levels of access for IT staff
members and other users under special circumstances
Firewalls and Virus Protection: The IT Department will maintain a proxy server
and/or a network firewall protecting the company’s LAN from outside intrusion.
No server, workstation, or other network device will be assigned a public IP
address without the prior approval of the Technical Manager.
Any device with a public IP address must have a firewall protecting it from
outside intrusions.
Any attempt by a Top Up Africa network user to intentionally breach or bypass a
secure/restricted system without authorization will result in loss of network
privileges. The Technical Manager will report such occurrences to the
Managing Director of Top Up Africa, or designated representative, for additional
actions (such as suspension or termination, or even possible legal action).
The IT Department will maintain virus protection on the email server, to scan
incoming messages, and on all other servers, workstations, and appropriate
network devices. To limit possible routes of infection the preferred method of
data transfer from the outside to systems on our network will be through email
attachments. Staff members are allowed to use removable disk media or other
portable storage devices such as USB key drives. Before transferring data onto
Top Up Africa’s system data must be scanned using an up-to-date virus
Top Up Africa Ltd
Suite T2, Smart Bridge Plaza,
NO 1 O.P Fingesi Street Utako
info@topupafrica.com
Abuja FCT
41
Rc No: 1146549
protection program.
Security of individual workstations and the data stored upon them is the primary
responsibility of the assigned user. When the area is open to the public the
individual user should lock their computer and/or use a password protected
screensaver when logged on to the system. When a user will be absent from
their station for an extended period of time it is recommended that they shut
down the system or log off. If using a common area computer, a user must log
off the system before leaving.
Top Up Africa Ltd
Suite T2, Smart Bridge Plaza,
NO 1 O.P Fingesi Street Utako
info@topupafrica.com
Abuja FCT
42
Rc No: 1146549
Internet Use
IT staff members will contact the employee to provide an orientation/training on
the Internet resources that are being made available. This will include
information on the appropriate policies and procedures that govern their use.
During this orientation the employee will be given the access and security level
that were approved.
Purchasing Procedure
All procurement of hardware, software, or technology services that will be part
of or impact the Top Up Africa data or communications networks must be
purchased through the IT Department. The purpose of this process is to ensure
compatibility of new components with the existing infrastructure and to
maximize the efficiency of our resources. The IT Department will only maintain
and service equipment and software that was procured, allotted, and
implemented in a manner consistent with the appropriate policies and
procedures.
E-Mail Use
Top Up Africa Ltd
Suite T2, Smart Bridge Plaza,
NO 1 O.P Fingesi Street Utako
info@topupafrica.com
Abuja FCT
43
Rc No: 1146549
The status of the person requesting the account will determine what domain will
be used, the format of the user name, the default password, and storage space
allotted. The Managing Director under special circumstances will consider
exceptions.
Public Individual or Group Addresses •the account will be created on the Top
Up Africa's payments domain • (www.Top Up Africa.com)
44
Rc No: 1146549
Introduction
This Privacy Policy describes a customer’s privacy rights regarding our collection,
use, storage, sharing and protection of personal information. It applies to the
Top Up Africa website, agent application, B2B services and other services
provided by Top Up AfricaS regardless of how they are accessed or used.
Top Up Africa will not collect any additional information which are not required
by the service provider with whom Top Up Africa is connected and which
services Top Up AfricaS is selling.
Depending on services for which the customer wants to make transactions, Top
Up AfricaS can collect and process the following information: name, address,
phone, email, account number or identification number and other similar
information.
45
Rc No: 1146549
customer.
Integration with all B2B partners and Agents devices with Top Up AfricaS
platform uses a custom HTTP scheme based on a keyed-HMAC (Hash Message
Authentication Code) for authentication.
The type of security connection that will be established with a third party
depends on agreement and preferred model of the third party.
Encryption policy
Encryption is used in communication with third parties over https protocol and
using SSL certificates. Private confidential information of our customer, such as
credit card numbers and similar, are not stored in the Top Up Africa system. This
information is only passed through our system to service providers to identify
customers and sell service to them.
Top Up Africa Ltd
Suite T2, Smart Bridge Plaza,
NO 1 O.P Fingesi Street Utako
info@topupafrica.com
Abuja FCT
46
Rc No: 1146549
3.Containment: Our IT support team determines how far the problem has spread
and contains the problem by disconnecting all affected systems and devices to
prevent further damage.
47
Rc No: 1146549
5.Recovery: Data and software are restored from clean backup files, ensuring
that no vulnerabilities remain. Systems are monitored for any sign of weakness or
recurrence.
6.Lessons learned: Our IT support team analyzes the incident and how it was
handled, making recommendations for better future response and for
preventing a recurrence.
Google has its data center parks located in the USA. A video-monitored,
high-security perimeter
surrounds the entire data center park. Entry is only possible via electronic access
control terminals with a transponder key or admission card. All movements are
recorded and documented. Ultra-modern surveillance cameras provide 24/7
monitoring of all access routes, entrances, security door interlocking systems and
server rooms.
A modern fire detection system is directly connected to the fire alarm center of
the local fire department.
48
Rc No: 1146549
Top Up Africa may change this privacy policy at any time by posting an
updated privacy policy. Up-to-date policy will be available on our web site
www.TopUpAfrica.com
49