Information Security Policy
Last Updated: May 21, 2025
Carloom Automotive (Pty) Ltd ("Carloom Automotive," "we," "us," or "our") is committed to protecting the confidentiality, integrity, and availability of all information entrusted to us by our users (Buyers and Dealerships) and generated through the use of our Platform (carloom.co.za). This Information Security Policy outlines the principles, responsibilities, and measures we implement to safeguard data and maintain a secure operating environment. This policy supplements our Privacy Policy and Website User Terms and Conditions.
1. Policy Statement
Carloom Automotive (Pty) Ltd is dedicated to maintaining a robust information security program that protects against unauthorized access, use, disclosure, disruption, modification, or destruction of information. We strive to comply with applicable laws, regulations, and industry best practices related to information security and data privacy.
2. Scope
This policy applies to all information assets, systems, networks, applications, and data owned or managed by Carloom Automotive (Pty) Ltd, as well as all employees, contractors, and third parties who access or process information on our behalf.
3. Security Objectives
Our primary information security objectives are to ensure:
Confidentiality: Protecting information from unauthorized access and disclosure.
Integrity: Ensuring the accuracy, completeness, and reliability of information and processing methods.
Availability: Ensuring that authorized users have timely and reliable access to information and systems.
Compliance: Adhering to relevant legal, regulatory, and contractual obligations.
4. Key Security Measures and Controls
Carloom Automotive (Pty) Ltd implements a multi-layered approach to information security, including:
Access Control:
Strict "least privilege" principles applied to all user and system access.
Strong authentication mechanisms (e.g., multi-factor authentication where appropriate).
Regular review and revocation of access rights.
Data Encryption:
Encryption of data in transit (e.g., using SSL/TLS for website communication).
Encryption of sensitive data at rest (e.g., in databases and storage).
Network Security:
Firewalls, intrusion detection/prevention systems, and network segmentation.
Regular vulnerability scanning and penetration testing.
System Hardening:
Secure configuration of servers, applications, and databases.
Regular patching and updates to address known vulnerabilities.
Incident Response:
A defined incident response plan to detect, respond to, and recover from security incidents.
Regular testing and refinement of incident response procedures.
Backup and Recovery:
Regular backups of critical data and systems.
Disaster recovery plans to ensure business continuity.
Vendor Security Management:
Due diligence and security assessments of third-party vendors and service providers.
Contractual agreements requiring vendors to adhere to appropriate security standards.
Employee Training & Awareness:
Mandatory security awareness training for all employees and contractors.
Regular updates on current security threats and best practices.
Physical Security:
Measures to protect physical access to data centers and critical infrastructure.
Logging and Monitoring:
Comprehensive logging of system activities and security events.
Continuous monitoring for suspicious activities and anomalies.
5. User Responsibilities
Users of the Carloom Automotive Platform also play a crucial role in maintaining security:
Password Management: Users are responsible for creating strong, unique passwords and keeping them confidential.
Account Security: Users must report any suspected unauthorized access to their accounts immediately.
Safe Usage: Users should exercise caution when clicking on links, opening attachments, or sharing personal information online.
Compliance: Users must comply with all security-related provisions outlined in the Website User Terms and Conditions and other relevant policies.
6. Compliance and Governance
Legal Compliance: We are committed to complying with relevant data protection laws, including the Protection of Personal Information Act (POPIA) in South Africa.
Regular Audits: Our information security program is subject to regular internal and external audits to ensure effectiveness and compliance.
Policy Review: This policy will be reviewed and updated periodically to reflect changes in technology, threats, and regulatory requirements.
7. Contact Information
If you have any questions or concerns about our Information Security Policy, or if you suspect a security vulnerability or incident, please contact us immediately at:
Carloom Automotive (Pty) Ltd
Fourways, South Africa
info@carloom.co.za
www.carloom.co.za