Compliance Documentation

Overview

SUBARASHI-DOKITA.AI LTD maintains comprehensive compliance documentation in accordance with Nigerian Data Protection Regulation (NDPR), Nigeria Data Protection Act (NDPA), and international best practices. Our compliance framework ensures the highest standards of data security and privacy protection.

Compliance Standards

Data Protection & Information Governance

Core Documentation

• Information Asset Register - Comprehensive register of all personal data held
• Privacy Notice - Transparency information for data subjects
• Asset Register - Technical and information asset inventory
• Subject Access Request Process - Procedures for handling data subject rights requests
• Data Security Risk Assessment - Ongoing risk assessment and mitigation strategies

Supplier Management

Third Party Oversight

• Supplier List - Register of all data processors and sub-processors
• Supplier Security Clauses - Contractual security requirements for suppliers
• Supplier Security Incidents - Procedures for managing supplier-related incidents

Current Data Processors

Training & Awareness

Staff Training Programs

• Training Needs Analysis - Assessment of training requirements across organization
• Training Implementation - Structured training delivery and tracking
• Training Evaluation - Assessment of training effectiveness and outcomes
• IG & Cyber Response - Information governance and cybersecurity training
• Staff Engagement - Ongoing awareness and engagement programs

Security & Authentication

Access Control & Authentication

• Data Security Incidents - Incident response and management procedures
• Authentication Strategy - Comprehensive authentication framework
• User Authentication - Multi-layered user authentication controls
• Multi-Factor Authentication - MFA implementation and enforcement

Technical Security Measures

• AES 256 encryption for data at rest
• TLS 1.2+ for data in transit
• Role-based access control (RBAC)
• Comprehensive audit logging
• Regular vulnerability scanning
• External security audits

Incident Response & Business Continuity

Incident Management

• Board Notification - Executive escalation procedures for critical incidents
• Operational Services Dependencies - Critical service dependency mapping
• Threat Intelligence Response - Proactive threat monitoring and response
• Incident Response Testing - Regular testing and simulation exercises
• Business Continuity Exercise - Disaster recovery and continuity planning
• Incident Response Technical Resources - Technical response capabilities
• Press Materials Data Incidents - Communication protocols for data incidents

Emergency Contacts

Software & Patch Management

Vulnerability Management

• Software Asset Management - Inventory and lifecycle management of software assets
• Unsupported Software Register - Tracking and mitigation of legacy systems
• Patch Management Strategy - Systematic approach to security patching
• Critical Patch Management - Expedited patching for critical vulnerabilities
• Unpatched Vulnerability Management - Risk assessment and compensating controls
• Supported OS Compliance - Ensuring all systems run supported operating systems
• Infrastructure Protection - Network and infrastructure security controls

Security Assurance & Testing

Validation & Verification

• Penetration Test SIRO Review - Executive review of penetration testing results
• Medical Devices - Not applicable to current operations
• Security Validation Assurance - Ongoing security control validation
• Security Deficiency Remediation - Systematic remediation of identified issues
• Change Management Process - Controlled change management procedures

Data Protection by Design

Privacy-Enhancing Technologies

• Tokenisation - Replacing sensitive data with non-sensitive equivalents
• Hashing - One-way cryptographic transformation of identifiers
• Truncation - Partial data removal while maintaining utility
• Generalisation - Reducing precision of dates, locations, and other attributes
• K-Anonymisation - Ensuring minimum group sizes in datasets
• Pseudonymisation - Separating identity from data while maintaining utility

Governance & Oversight

Executive Responsibility

Document Access & Requests

Full compliance documentation packages are available to:

• Regulatory authorities upon request
• Nigerian healthcare organizations
• Audit and assessment bodies
• Customers under contractual agreements
• Data subjects exercising their rights under NDPR

Request Documentation

To request access to specific compliance documents, please contact:

Please include in your request:

• Your name and organization
• Specific documents or areas of interest
• Purpose of the request
• Any applicable deadlines

Continuous Improvement

Our compliance framework is subject to regular review and continuous improvement:

• Monthly: Review of security logs and access patterns
• Quarterly: Compliance documentation updates and staff training
• Bi-annually: External security audits and penetration testing
• Annually: Comprehensive compliance review and NDPR audit

Regulatory Bodies