Skip to main content

Security & Compliance

Enterprise-grade
security posture.

How AstaCraft Systems protects enterprise data — covering infrastructure security, compliance frameworks, and data residency for organizations across Africa.

Security Practices

How we protect your data.

Data Encryption

All data is encrypted at rest using AES-256 and in transit via TLS 1.2+. Encryption keys are managed separately from data stores.

Cloud Infrastructure

Systems are hosted on AWS, Microsoft Azure, and Google Cloud — each with enterprise-grade physical and network security, redundancy, and disaster recovery.

GRA Compliance

AstaBill is compliant with Ghana Revenue Authority requirements for digital receipts and invoices. Our software generates GRA-compliant documentation by default.

ISO 27001 Roadmap

We are pursuing ISO 27001 certification. Our information security management practices are aligned with the standard and we conduct regular internal audits.

Incident Response

We maintain a documented incident response plan with defined response time SLAs, client notification protocols, and post-incident review processes.

Access Controls

Role-based access controls, multi-factor authentication, and principle of least privilege are enforced across all internal systems and client-facing platforms.

Compliance Status

Active certifications and programs.

GRA Certified

Active

Ghana Revenue Authority compliance for digital receipts

GDPR-aligned practices

Active

Data subject rights and processing agreements in place

Penetration testing

Annual

Third-party penetration tests conducted annually

Data residency

Available

Ghana and regional hosting options available on request

Vulnerability disclosure program

Active

Responsible disclosure policy — contact security@astacraftsystems.com

Certification Roadmap

ISO 27001

In Progress

Certification expected 2026 — security management practices are aligned with the standard and internal audits are underway

Data Residency

Your data stays where you need it to.

For enterprise clients with regulatory data residency requirements, we can provision Ghana-hosted or West Africa-regional infrastructure on AWS and Azure. This is particularly relevant for financial services, healthcare, and government clients operating under sector-specific data localization requirements.

Contact us to discuss data residency requirements as part of your engagement scoping.

Security contact

General security inquiries

security@astacraftsystems.com

Vulnerability disclosure

security@astacraftsystems.com

Enterprise compliance docs

Available on request — contact sales

Questions about security?

Talk to our technology team.

We provide security documentation, compliance questionnaires, and architecture reviews for enterprise procurement processes.

Book a Technology Call →