Legal
Information Security Policy
Last updated: 9 July 2026
Noko Mohoto Technologies builds and operates systems with production-grade, security-conscious practices. Our approach is informed by recognised frameworks including the OWASP Application Security Verification Standard (ASVS) and the principles behind ISO/IEC 27001, without claiming certification.
Application security
- OWASP-aligned secure development practices
- Input validation and output encoding on user-supplied data
- Production-grade authentication and session handling
- Role-based access control and permission-controlled dashboards
- Rate limiting and spam protection on public endpoints
- Security headers and transport encryption (HTTPS)
Operational security
- Secure environment variable and secret handling — no credentials in source code
- Least-privilege access to hosting, DNS, and email infrastructure
- Secure deployment workflows with review before release
- Monitoring and logging where required by the engagement
- Dependency updates and vulnerability awareness during maintenance
Continuous improvement
Security is treated as an ongoing practice, not a one-time setup. Practices are reviewed as tooling, threats, and project requirements evolve.
Contact
Questions about this policy: sales@nokomohoto.com or +27 (79) 113-4590.

