Data residency and security controls must be evidenced.
Regulated sectors and critical digital businesses cannot rely on marketing claims alone. Gewape Cloud Infrastructure scopes security controls, support access, residency boundaries, and evidence packs for live-country deployments.
Security evidence and compliance support
Certification names are useful only when the certificate scope covers the service being purchased. Buyers should request the relevant evidence pack during customer review.
ISMS scope evidence
Information security management evidence for the relevant scope
Available under NDAContinuity evidence
Business continuity, backup, DR, and restore-test documentation
Scope-specificFacility evidence
Datacenter, power, physical security, and network evidence
Scope-specificPayment scope evidence
Payment-card-adjacent controls and shared responsibility where applicable
By workloadSecurity Practices
Defense-in-depth approach with multiple layers of security controls.
Encryption at Rest
All data encrypted using AES-256. Customer-managed keys available for enterprise tiers.
Encryption in Transit
TLS 1.3 for all data in transit. Perfect forward secrecy enabled by default.
Access Controls
Role-based access control (RBAC), multi-factor authentication, and audit logging.
Network Security
Private networks, firewalls, DDoS protection, and intrusion detection systems.
Physical Security
24/7 security personnel, biometric access, CCTV monitoring, and secure perimeters.
Vulnerability Management
Regular penetration testing, vulnerability scanning, and security patching.
Data Sovereignty by Design
Data residency is the baseline, not the outcome. We combine in-country deployment with governance, access, and operational controls that keep decision rights local.
- Country-specific data placement confirmed in the service scope and DPA
- Privileged operations and support-access workflows disclosed before production use
- Customer-controlled key and access policy options for sensitive workloads
- Portable, open architecture to reduce strategic vendor lock-in risk
Regulatory Baseline Coverage
Data Protection Act 2019
Law N° 058/2021
NDPA 2023
POPIA
PDPA 2012
LGPD