Security

Security

Effective Date

12 May, 2026

Effective Date

12 May, 2026

1. Executive Summary

 

At Eemaan, security, availability, confidentiality, and operational resilience are fundamental principles embedded into the design, delivery, and support of our solutions.


Eemaan provides enterprise-grade software and professional services focused on customer experience (CX) platforms including Genesys Cloud CX and Amazon Connect. Our solutions are designed to help organisations simplify, govern, automate, replicate, and protect critical CX configuration and operational data.

 

This document outlines the controls, processes, and practices Eemaan uses to safeguard customer systems and information, including:

 

  • Data encryption

  • Infrastructure and network security

  • Identity and access management

  • Secure software development lifecycle (SSDLC)

  • Monitoring and incident response

  • Business continuity and resilience

  • Compliance and governance

  • Vendor and third-party risk management

 

This whitepaper is intended for customers, auditors, procurement teams, security reviewers, and compliance stakeholders.

 



2. Security Governance & Ownership

 

Eemaan maintains formal security governance processes to ensure that security responsibilities are clearly defined and continuously maintained.

 


Ownership Responsibilities

 

Area


Security Operations

Compliance & Audits

Responsible Team

Secure Development

Incident Response

Policy Governance

Public Trust Documentation


Security & Infrastructure


Compliance Team

Engineering

Security & Operations

Leadership & Compliance

Security, Compliance & Marketing


The Security & Compliance teams are responsible for ensuring that all published trust and security information remains accurate, current, and aligned with the organisation’s latest controls, audits, certifications, and operational practices.

 


 

3. Infrastructure Security

 

Eemaan utilises modern cloud infrastructure providers and industry-standard security controls to protect customer systems and services.

 


Cloud Hosting & Segmentation

 

Depending on the deployment model and customer requirements, Eemaan solutions may operate within:

 

Infrastructure protections include:

  • Network segmentation

  • Environment isolation (Production / Test / DR)

  • Firewall protections

  • Security group restrictions

  • Least-privilege network access

  • VPN and secure administrative connectivity

  • DDoS mitigation controls where applicable

 


Hardening & Patch Management

 

Systems are hardened using recognised baseline standards and are subject to ongoing maintenance processes including:

 

  • Operating system patching

  • Security updates

  • Vulnerability remediation

  • Endpoint protection

  • Malware detection

  • Configuration reviews

 

Critical vulnerabilities are prioritised and remediated according to internal risk-based timelines.


 


4. Encryption & Data Protection

 

Eemaan applies encryption controls to protect customer data both in transit and at rest.

 


Encryption In Transit

 

Data transmitted between users, systems, APIs, and services is protected using secure transport protocols including:

 

  • TLS 1.2 or higher

  • HTTPS-secured communication

  • Secure API integrations

  • Encrypted remote administrative access

 


Encryption At Rest

 

Where supported by the deployment architecture and hosting platform, customer data and backups are protected using encryption-at-rest technologies including:

 

  • AES-256 encryption

  • Encrypted cloud storage

  • Database encryption mechanisms

  • Encrypted backup repositories

 


Data Minimisation

 

Eemaan solutions are designed to minimise unnecessary storage or replication of sensitive customer information wherever operationally possible.

 

Access to customer data is restricted strictly to authorised personnel with legitimate business need.


 


5. Identity & Access Management

 

Eemaan follows the principle of least privilege across systems, applications, and operational environments.

 


Access Controls

 

Security controls include:

  • Role-based access control (RBAC)

  • Unique user accounts

  • Strong password requirements

  • Multi-factor authentication (MFA)

  • Privileged access restrictions

  • Access approval workflows

  • Periodic access reviews

 

Administrative access is limited to authorised personnel only and is monitored where appropriate.

 

Employee Security Practices

 

Personnel with access to customer environments or sensitive systems are subject to:

  • Security awareness training

  • Acceptable use requirements

  • Confidentiality obligations

  • Role-based access limitations

 

Access is revoked promptly upon role change or termination.

 


 

6. Secure Development Practices

 

Security is integrated throughout Eemaan’s software development lifecycle.

 


Secure SDLC

 

Eemaan incorporates secure development practices including:

  • Security-focused design reviews

  • Source code management controls

  • Change management processes

  • Peer code reviews

  • Testing and validation procedures

  • Controlled release management

 


Vulnerability Management

 

The organisation performs ongoing vulnerability management activities, including:

  • Vulnerability scanning

  • Dependency review

  • Patch management

  • Security remediation tracking

 

Issues identified through internal reviews or external reports are prioritised based on risk and business impact.


 


7. Monitoring, Logging & Detection

 

Eemaan maintains operational monitoring and logging capabilities to support security visibility and incident detection.

 

 

Monitoring Capabilities

 

Monitoring controls may include:

  • Infrastructure monitoring

  • Service availability monitoring

  • Security event logging

  • Audit trail generation

  • Operational alerting

  • Backup monitoring

 


Audit Trails

 

Solutions such as Eemaan Audit Trail Gateway (ATG) are specifically designed to provide enhanced visibility, governance, configuration tracking, and auditability across CX environments.


 


8. Incident Response

 

Eemaan maintains an incident response process designed to identify, assess, contain, remediate, and communicate security incidents appropriately.

 

Incident Response Lifecycle

 

The incident management process includes:

  1. Detection & Reporting

  2. Triage & Classification

  3. Containment

  4. Investigation

  5. Remediation

  6. Recovery

  7. Post-Incident Review

 

Where applicable and contractually required, affected customers are notified of confirmed security incidents in accordance with regulatory and contractual obligations.



 

9. Backup, Resilience & Business Continuity

 

Eemaan recognises the operational importance of resilience and recoverability for enterprise CX platforms.

 


Backup & Recovery

 

Depending on the solution and deployment scope, protections may include:

  • Configuration backup capabilities

  • Secure backup storage

  • Disaster recovery support

  • Replication capabilities

  • Recovery procedures

  • Export and governance tooling

 

For example, Eemaan CX replication and governance solutions are designed to help organisations reduce operational risk associated with configuration loss, migration, or regional failover scenarios.

 


Business Continuity


Eemaan maintains business continuity and operational recovery procedures intended to support continued service delivery during disruptive events.




10. Compliance & Privacy

 

Eemaan aligns its security and privacy practices with recognised industry frameworks and customer requirements.

 


Compliance Alignment

 

Eemaan supports compliance initiatives including:

  • SOC 2 security programmes

  • GDPR data protection principles

  • Customer security due diligence

  • Vendor risk assessments

 


Data Privacy

 

Eemaan is committed to protecting personal data and handling information responsibly in accordance with applicable legal and contractual requirements.

 

Privacy and data processing obligations are managed through:

  • Access restrictions

  • Data minimisation

  • Secure processing practices

  • Confidentiality controls

 


 

11. Third-Party & Vendor Management

 

Eemaan evaluates critical third-party providers and cloud vendors used in the delivery of services.

 

Considerations include:

  • Security posture

  • Compliance capabilities

  • Reliability

  • Availability

  • Contractual protections

 

Eemaan leverages established cloud and SaaS providers with mature security programmes where appropriate.

 


 

12. Customer Responsibilities

 

Security is a shared responsibility. Customers are encouraged to:

  • Enforce MFA for their users

  • Maintain secure endpoint devices

  • Review user permissions regularly

  • Protect administrative credentials

  • Follow vendor-recommended security practices

  • Maintain appropriate internal governance

 


 

13. Security Reporting & Contact

 

Customers or researchers wishing to report a suspected security issue or vulnerability may contact Eemaan directly.

techsupport@eemaan.com


Eemaan Limited
The Curve, Office 2
53 Tempest Street
Wolverhampton
WV2 1AA

 


 

14. Trust & Transparency

 

Eemaan is committed to maintaining transparency around its operational, security, and compliance practices.

 

Additional trust resources may be made available through:

  • Public trust pages

  • Customer documentation portals

  • Security questionnaires

  • Compliance documentation

  • Vanta Trust Center integrations

Legal

Legal

Legal