Compliance
This page outlines the Sirwaji compliance framework for booking workflows, customer management, and automated communications.
Last updated: February 18, 2026
Applicable standards
- EU GDPR principles for processing involving EU data subjects.
- Moroccan Law 09-08 for personal data protection requirements.
- Controls aligned with ISO/IEC 27001 and ISO/IEC 27701 best practices.
- Secure-by-design approach inspired by OWASP web application guidance.
Shared responsibility model
| Area | Sirwaji responsibility | Customer tenant responsibility |
|---|---|---|
| SaaS platform | Hosting, maintenance, security controls, backup, logging. | Business setup, user governance, internal operating rules. |
| End-customer data | Processing as a data processor under customer instructions. | Purpose, legal basis, and transparency obligations. |
| Data subject rights | Operational support for export, correction, and deletion workflows. | Formal response and legal validation of requests. |
Governance controls
Access governance
Role-based access with least-privilege principles and regular access reviews.
Traceability
Critical event logging to support audits, investigations, and accountability.
Data lifecycle
Retention and deletion controls adapted to operational and legal constraints.
Incident response
Structured incident process: assessment, containment, remediation, notification.
Sirwaji supports regulated and high-trust industries. Each tenant remains responsible for its sector-specific legal obligations and internal compliance policies.