Security First. Always.

Trust & Security

Enterprise-grade security, compliance transparency, and responsible disclosure practices that protect your data and our shared digital future.

Certifications & Accreditations

Independently verified security and compliance standards

ISO 27001:2022

Certified

QSA Europe

Valid until Dec 2025

SOC 2 Type II

In Progress

Control Trust

Q1 2026 expected

Cyber Essentials Plus

Certified

UK IASME

Valid until Jun 2025

CREST Penetration Testing

Accredited

CREST International

Annual renewal

Compliance Framework Coverage

Mapped across ISO, NIST, GDPR/POPIA, and SOC 2 controls with continuous monitoring

ISO 27001:2022

Certified

Full ISMS implementation covering 93 controls across 14 domains. Lead auditor coaching and certification prep.

NIST Cybersecurity Framework

Implemented

Tier 3 (Repeatable) implementation with assessments, progression roadmaps, and continuous monitoring.

GDPR & POPIA

Operational

Data mapping, DPIAs, DPO advisory, breach notification protocols, and cross-border transfer mechanisms.

SOC 2 Type II

In Progress

Trust Services Criteria (Security, Availability, Confidentiality). Control design, evidence collection, monitoring automation.

Security Architecture

Enterprise-grade controls protecting your data

End-to-End Encryption

AES-256 encryption at rest, TLS 1.3 in transit. Zero-knowledge architecture for forensic evidence.

Access Controls

Role-based access control (RBAC), multi-factor authentication, and privileged access management.

Audit Logging

Immutable audit trails for all data access, modifications, and system changes. 7-year retention.

Third-Party Audits

Annual penetration tests, quarterly vulnerability scans, and continuous security monitoring.

Penetration Test Results

Third-party security assessments with full remediation

2024

Infrastructure & Web Applications

Findings: 0 Critical, 2 High, 5 Medium
Remediation: 100% remediated within SLA

2023

API & Mobile Applications

Findings: 0 Critical, 1 High, 3 Medium
Remediation: 100% remediated within SLA

2022

Full Infrastructure Assessment

Findings: 1 Critical, 3 High, 7 Medium
Remediation: 100% remediated within SLA

Audit & Assessment Schedule

Continuous verification and independent assessments

Q1

External Penetration Test

CREST-accredited annual infrastructure and application penetration testing by independent third parties.

Q2

ISO 27001 Surveillance

Annual surveillance audit by QSA Europe to maintain ISO 27001:2022 certification status.

Q3

Vulnerability Assessment

Quarterly vulnerability scanning across all internet-facing assets and internal infrastructure.

Q4

SOC 2 Readiness

Continuous evidence collection and control testing for SOC 2 Type II audit preparation.

Security & Compliance FAQs

Common questions about our security practices

We use AES-256 encryption at rest and TLS 1.3 in transit. All forensic evidence is stored in zero-knowledge encrypted vaults with client-controlled keys. Access is logged and monitored with immutable audit trails.

Responsible Disclosure Program

Security researchers are valued partners

If you've discovered a security vulnerability in our systems or services, we want to hear from you. We're committed to working with security researchers to verify and address vulnerabilities quickly and responsibly.

Reporting Guidelines

  • Email: security@nexnet-cyberlabs.com (PGP key available)
  • Acknowledgment: Initial response within 48 hours
  • Updates: Status updates every 7 days until resolution
  • Safe Harbor: Good faith research is protected under our policy

Need Compliance Support?

Our GRC team can help you achieve ISO 27001, SOC 2, or sector-specific compliance certifications.