Security

Player money. Player data. Infrastructure. All four properly defended.

Wiztech is built around the assumption that you will be audited. Every control listed below is documented, evidence-able and enforced in production — not aspirational.

Controls

The full posture.

If your security review needs SIG, CAIQ or a custom questionnaire filled in, we have the answers on file.

PCI DSS via partners

Card data never enters Wiztech systems. Payments are tokenised through PCI DSS-certified processors; we hold no card data in scope.

GDPR + LGPD ready

Data subject request flows, DPA-grade processing records, and an EU-resident data plane.

Pen-testing

Quarterly black-box pen-tests by an independent CREST-accredited firm; remediation reviewed in 48h.

Continuous scanning

SAST, dependency, container and IaC scanning gate every merge; daily runtime scans on production.

Key management

Per-tenant data encryption with managed KMS, segregated key access and audited rotation procedures.

Audit trail

Append-only audit log of every privileged action, retained for 7 years and exportable on demand.

How we run security

Defence in depth, not defence in deck.

Build-time

Every PR runs SAST, secrets scanning, dependency review and a licence check. Container images are signed and scanned at push time; unsigned images cannot deploy.

Runtime

Workloads run in segmented networks with least-privilege IAM. Egress is filtered by default; admin access requires hardware MFA and is logged to a tamper-evident store.

Response

24/7 on-call rotation with documented runbooks. Severity-1 customer-impacting incidents are acknowledged within 15 minutes and post-mortems are shared with affected operators within 5 days.

For your security team

What we'll share, and how to ask.

We don't publish our full security pack on the open web — but it is one signed NDA away. Email security@wiztechgroup.com and our security lead will reply within one business day.

  • Pen-test summary (latest engagement)
  • Vendor security assessment (SIG / CAIQ)
  • Data Processing Addendum (DPA) and sub-processor list
  • Incident response policy and runbook samples
  • Business continuity & disaster recovery plan
  • Encryption & key management architecture
  • Operating-licence evidence for South Africa and Mexico
  • PCI DSS attestation chain for payment partners