Security Hardening

Security Hardening is the production-readiness layer — MFA enforcement, audit log, rate-limit, SIEM forwarding, encryption-at-rest, IP whitelist, consent capture, retention policy, DSAR, right-to-erasure, cyber-incident workflow.

SOC 2 controls
SOC 2 control register with status, evidence and ownership.
SOC 2 evidence
Automated evidence collection — backup verification, MFA coverage, access reviews.
Cyber incidents
Cyber-incident model — captures, classifies, and notifies CBK within the 24-hour window.

How a member exercises the right to erasure

Under KDPA / GDPR, members can request deletion of their personal data. The wizard handles the "right to be forgotten" while preserving the regulatory minimum (e.g. AML records).

  1. Member submits the request via iBANK /ibank/profile → Right to be forgotten.
  2. Compliance reviews — open Members → Compliance → Erasure requests.
  3. Approve. The wizard anonymises personal fields (name, ID, phone, email) while preserving regulatory data (AML, audit log).
  4. A signed erasure certificate is emailed to the member.

How a cyber-incident notification fires

CBK requires notification within 24 hours of detection. The cyber-incident model captures the event and queues the notification email automatically.

  1. Operations Officer opens Security → Cyber Incidents → New.
  2. Capture type, time, scope, initial classification.
  3. Suite computes the 24-hour deadline and emails CBK the initial notice.
  4. As the investigation progresses, post-incident updates feed the same record; final report fires at close.

Reference

Feature checklist

  • MFA enforced on backend login
  • Consent capture on member create
  • Data-retention policy + auto-purge cron
  • DSAR self-service for members
  • Right-to-erasure wizard
  • Cyber-incident model + CBK 24-hour notification
  • Centralized log forwarding
  • Rate-limit per IP + per user
  • IP whitelist for admin endpoints

Configuration reference

WhereWhat to set
MFA policyEnforced / opt-in / disabled
RetentionPer-model days + sweep cron
SIEMEndpoint + token
Rate limitsPer-IP and per-user windows

Roles & permissions

GroupCapability
mfi_security_hardening.group_security_adminConfigure, view SIEM

Accounting integration

None.
Tip. KDPA / ODPC registration pack ships with the module — see /opt/staging/docs for the templates.
Was this page helpful?