Security Policy

Last updated: 11 May 2026

1. Our Commitment to Security

At Tensity Group, the nature of our work — behavioral intelligence consulting, pressure mapping, and stress-response modeling — means we handle sensitive organizational and individual data. We take this responsibility seriously. Security is not an afterthought; it is embedded into how we operate, how we store data, and how we deliver our services.

This Security Policy outlines the measures we take to protect the confidentiality, integrity, and availability of all data entrusted to us.

2. Data Protection Measures

Encryption

All data transmitted between your browser and our systems is encrypted using TLS 1.2 or higher. Sensitive data at rest is encrypted using AES-256 encryption standards.

Access Controls

Access to client data is restricted on a strict need-to-know basis. All team members with data access use multi-factor authentication (MFA) and unique credentials. Access permissions are reviewed regularly.

Secure Infrastructure

Our systems are hosted on infrastructure providers that maintain industry-standard security certifications (SOC 2, ISO 27001). We regularly review and update our infrastructure security posture.

Network Security

We employ firewalls, intrusion detection systems, and continuous monitoring to protect against unauthorized access, DDoS attacks, and other network-level threats.

3. Behavioral Data Security

Given the sensitive nature of behavioral intelligence data — including pressure maps, stress-response patterns, and team dynamics assessments — we apply additional safeguards:

  • Behavioral assessment data is stored separately from general business data with additional access restrictions
  • Individual assessment results are pseudonymized where possible, with identifying information stored separately
  • Reports and analyses are delivered through secure channels — never via unencrypted email attachments
  • Client data is logically isolated to prevent cross-contamination between engagements
  • All behavioral data is purged within 12 months of engagement completion, unless a different retention period is contractually agreed

4. Data Breach Management

Despite best efforts, no system is completely immune to security incidents. We maintain a comprehensive data breach response plan that includes:

Detection & Containment

  • Continuous monitoring and automated alerting for suspicious activity
  • Immediate containment procedures to isolate affected systems
  • Preservation of forensic evidence for investigation

Assessment & Investigation

  • Rapid assessment of scope, severity, and data affected
  • Root cause analysis to understand how the breach occurred
  • Engagement of external security experts where necessary

Notification

  • Affected individuals and client organizations will be notified without undue delay
  • Notification to relevant supervisory authorities within the timeframes required by applicable law in each jurisdiction (e.g., within 72 hours under GDPR, within 30 days under Australia's Notifiable Data Breaches scheme)
  • Notifications will include: nature of the breach, data involved, likely consequences, and remedial measures taken

Remediation & Prevention

  • Implementation of corrective measures to prevent recurrence
  • Post-incident review and update of security procedures
  • Documentation of lessons learned and policy improvements

5. Personnel Security

  • All team members undergo security awareness training upon onboarding and annually thereafter
  • Confidentiality and non-disclosure agreements are signed by all personnel with access to client data
  • Background checks are conducted for team members handling sensitive data
  • Access is immediately revoked upon role change or departure

6. Third-Party Security

We carefully vet all third-party service providers who may have access to or process data on our behalf. Third parties must:

  • Demonstrate appropriate security certifications or practices
  • Execute data processing agreements with confidentiality and security obligations
  • Comply with applicable data protection legislation
  • Submit to periodic security reviews

7. Business Continuity & Disaster Recovery

We maintain business continuity and disaster recovery procedures to ensure the availability and resilience of our systems. This includes regular data backups, redundant infrastructure, and documented recovery procedures with defined recovery time objectives (RTOs) and recovery point objectives (RPOs).

8. Compliance & Regulatory Alignment

Our security practices are designed to align with:

  • EU General Data Protection Regulation (GDPR) — including data protection by design and by default
  • Australian Privacy Act 1988 — including the Notifiable Data Breaches scheme and Australian Privacy Principles
  • South African POPIA — including conditions for lawful processing and security safeguards
  • ISO 27001 principles — information security management best practices
  • NIST Cybersecurity Framework — for risk identification, protection, detection, response, and recovery

9. Vulnerability Management

We conduct regular security assessments, including vulnerability scanning and penetration testing, to identify and remediate potential weaknesses. Critical vulnerabilities are addressed within 24 hours of identification. We also maintain a responsible disclosure process — if you discover a security vulnerability, please report it to us immediately.

10. Physical Security

Where physical offices or workspaces are used, we implement appropriate physical security controls including restricted access, visitor management, and secure disposal of physical media containing sensitive information.

11. Updates to This Policy

We review and update this Security Policy regularly to reflect changes in our practices, technology, and regulatory requirements. Material changes will be reflected with an updated “Last updated” date.

12. Reporting a Security Concern

If you believe you have discovered a security vulnerability, or if you have concerns about the security of your data, please contact us immediately:

Tensity Group — Security Team

Report a security concern →

For urgent security incidents, please mark your enquiry as urgent.