New CBN rules make manual AML non-compliant.

Read the brief
Compliance & Trust

Security and compliance, independently verified.

MaiGuard Sentinel Limited is certified to ISO/IEC 27001:2022 for information security and files its data-protection audit returns under Nigeria's NDP Act, 2023. Independent audits — not self-assessment — stand behind how the platform is built.

ISO/IEC 27001:2022Certified
Information Security Management System
Accredited certification body · International · 2025
NDP Act, 2023Acknowledged
Data protection compliance audit
Nigeria Data Protection Commission (NDPC) · Nigeria · 2025

Certifications

Independently audited and certified.

MaiGuard is certified to ISO/IEC 27001:2022 for information security management and files its data-protection audit returns under the NDP Act, 2023.

ISO/IEC 27001:2022

Certified

Information Security Management System

Independently certified that MaiGuard operates a risk-based information security management system to the ISO/IEC 27001:2022 standard — covering people, processes and technology across the platform.

Issuer
Accredited certification body
Scope
International
Year
2025

NDP Act, 2023

Acknowledged

Data protection compliance audit

Annual data-protection compliance audit returns filed with the Nigeria Data Protection Commission and acknowledged for 2025 under the Nigeria Data Protection Act, 2023.

Issuer
Nigeria Data Protection Commission (NDPC)
Scope
Nigeria
Year
2025
Verify at ndpc.gov.ng
In progressSOC 2 Type IIPCI DSS

Data protection by design

How we meet our obligations.

The audit confirms what we file. These are the controls that stand behind it, every day.

Data residency

Customer and personal data is processed in regions appropriate to your tenancy, with an Africa-first deployment posture.

Encryption in transit and at rest

Traffic is protected with modern TLS, and stored data is encrypted at rest across our managed infrastructure.

Retention and deletion

Personal data is kept only as long as the service needs it, then deleted on a defined schedule. See our Data Retention Policy.

Access controls

Least-privilege access, scoped API keys, and audit trails govern who can reach data and what they can do with it.

Breach notification

Documented incident response procedures align with the notification timelines set out under the NDP Act, 2023.

Data subject rights

We support access, correction, and deletion requests, and process personal data only on a lawful basis.

Questions from your compliance team?

Send the audit acknowledgement to procurement, or talk to us about a Data Processing Agreement and your data protection requirements.