Data residency and security controls must be evidenced.

Regulated sectors and critical digital businesses cannot rely on marketing claims alone. Gewape Cloud Infrastructure scopes security controls, support access, residency boundaries, and evidence packs for live-country deployments.

Security evidence and compliance support

Certification names are useful only when the certificate scope covers the service being purchased. Buyers should request the relevant evidence pack during customer review.

ISMS scope evidence

Information security management evidence for the relevant scope

Available under NDA

Continuity evidence

Business continuity, backup, DR, and restore-test documentation

Scope-specific

Facility evidence

Datacenter, power, physical security, and network evidence

Scope-specific

Payment scope evidence

Payment-card-adjacent controls and shared responsibility where applicable

By workload

Security Practices

Defense-in-depth approach with multiple layers of security controls.

Encryption at Rest

All data encrypted using AES-256. Customer-managed keys available for enterprise tiers.

Encryption in Transit

TLS 1.3 for all data in transit. Perfect forward secrecy enabled by default.

Access Controls

Role-based access control (RBAC), multi-factor authentication, and audit logging.

Network Security

Private networks, firewalls, DDoS protection, and intrusion detection systems.

Physical Security

24/7 security personnel, biometric access, CCTV monitoring, and secure perimeters.

Vulnerability Management

Regular penetration testing, vulnerability scanning, and security patching.

Data Sovereignty by Design

Data residency is the baseline, not the outcome. We combine in-country deployment with governance, access, and operational controls that keep decision rights local.

  • Country-specific data placement confirmed in the service scope and DPA
  • Privileged operations and support-access workflows disclosed before production use
  • Customer-controlled key and access policy options for sensitive workloads
  • Portable, open architecture to reduce strategic vendor lock-in risk

Regulatory Baseline Coverage

Kenya

Data Protection Act 2019

Live alignment
Rwanda

Law N° 058/2021

Live alignment
Nigeria

NDPA 2023

Private cloud scope
South Africa

POPIA

Private cloud scope
Singapore

PDPA 2012

Private cloud scope
Brazil

LGPD

Private cloud scope

Ready to deploy? Your procurement team's checklist is already covered.

Residency confirmation, DPA terms, sub-processor disclosure, support-access boundaries, security evidence, and architecture documentation are available as part of the scoped customer review pack.