Get in touch

Security Statement

CS & Partner Consulting Ltd.

At CS & Partner Consulting Ltd., the security, confidentiality and integrity of our clients’ data is one of our highest priorities. As an IT and nearshoring company operating across Mauritius and the DACH region, we follow strict technical, organisational and compliance standards to ensure that all information is processed securely and responsibly.

Below is an overview of the key measures we apply.

1. Secure Infrastructure & Hosting

We operate our systems in secure data centres and cloud infrastructures that follow industry best practices. Our environments include:

  • Encrypted servers and secure virtualised environments
  • Firewall protection, network segmentation and intrusion-prevention mechanisms
  • Regular security updates, patch management and vulnerability monitoring
  • Access logging and continuous operational monitoring

Where required, we use hosting locations within the EU or Switzerland to meet client-specific compliance requirements.

2. Data Encryption

All data transferred between your browser and our systems is protected through TLS/SSL encryption. Sensitive information stored within our systems is encrypted at rest wherever technically applicable.

3. Access Control & Identity Management

We apply strict access and identity-management principles, including:

  • Role-based access control (RBAC)
  • Multi-factor authentication (MFA) for privileged users
  • Least-privilege and need-to-know principles
  • Regular access audits and reviews

Only authorised personnel have access to systems or information relevant to their responsibilities.

4. Organisational Security Measures

To maintain a secure operating environment, we follow established internal policies and procedures such as:

  • Confidentiality agreements for all employees and contractors
  • Data-handling and clean-desk guidelines
  • Mandatory security and privacy awareness training
  • Internal escalation processes for security incidents

All employees are required to follow strict confidentiality obligations.

5. Secure Development & Quality Assurance

For software development, we follow secure engineering practices, including:

  • Version control and auditability via GitLab
  • Code reviews and four-eyes principle
  • Separation of development, testing and production environments
  • CI/CD pipelines for automated deployments
  • Automated and manual testing

Our engineering workflow aligns with modern DevOps and agile standards.

6. Third-Party Providers & Compliance

Where external service providers are involved (e.g., hosting, analytics), we ensure that:

  • They meet the security standards required by the Mauritius Data Protection Act 2017
  • Data processing agreements (DPAs) are in place if needed
  • International data transfers comply with Section 36 safeguards (adequate protection)

All third parties are selected based on strict quality and security criteria.

7. Incident Response & Monitoring

We maintain processes to rapidly detect, assess and respond to security incidents:

  • Continuous monitoring of systems
  • Logging and anomaly detection
  • Documented incident response procedures
  • Immediate containment and investigation in case of suspected breaches
  • Transparent communication according to legal requirements

8. Commitment to Continuous Improvement

Cybersecurity is not a one-time task.
We continuously monitor and improve our security posture by:

  • Regular internal audits
  • Vulnerability assessments
  • Process and policy updates
  • Adoption of modern security frameworks and standards

Contact

If you have questions about our security practices or require additional information (e.g., compliance documentation for a project), please contact us at: security (at) cspc.mu