This Information Security Overview describes the general security practices and controls applied by Black Manta Data Analytics (“the Firm”) in support of its website, analytics platforms, and client service engagements. The purpose of this document is to provide transparency regarding the Firm’s approach to safeguarding data, systems, and technical environments.
This overview is intended for small and mid-sized business clients, enterprise reviewers, auditors, and regulators. It is informational in nature and does not replace or modify any contractual security obligations set forth in executed agreements, statements of work, or data protection addenda.
This overview applies to systems, tools, and processes used by the Firm to deliver data analytics and technology services, which may include data engineering, business intelligence, data science, machine learning, AI development, AI consulting, and software engineering.
Security measures described herein relate to the Firm’s internal operations and service delivery environments. This document does not cover security controls implemented exclusively within client-managed systems unless explicitly agreed in writing.
The Firm’s security practices are designed to protect information assets that may include client-provided business data, analytical outputs, reports, dashboards, code artifacts, configuration files, and limited personal or contact information used for operational purposes.
The Firm processes such information only for purposes defined in the applicable engagement and limits access to authorized personnel with a legitimate business need.
The Firm’s security approach is guided by widely accepted principles, including confidentiality, integrity, and availability. Safeguards are selected based on the sensitivity of the information involved, the nature of the services provided, and the scale of the engagement.
Security controls are designed to reduce risk rather than eliminate it entirely. No system or environment can be guaranteed to be completely secure.
Administrative safeguards may include internal policies, access management procedures, role-based permissions, and internal guidelines governing acceptable use of systems and data. Personnel with access to client data are expected to follow established security and confidentiality practices.
The Firm may provide internal awareness or guidance to personnel regarding data handling and security responsibilities relevant to their roles.
Technical safeguards may include the use of authentication mechanisms, access controls, encryption where appropriate, monitoring tools, and secure configurations for systems used in service delivery.
The Firm applies technical measures proportionate to the services provided and the sensitivity of the data involved. Specific technical implementations may vary depending on the engagement, tools used, and evolving security considerations.
Operational safeguards may include procedures for managing system access, handling incidents, maintaining system availability, and supporting business continuity. The Firm seeks to minimize unnecessary exposure of data through least-privilege access and controlled workflows.
The Firm does not guarantee uninterrupted service availability and is not responsible for disruptions resulting from factors outside its reasonable control.
The Firm may rely on third-party service providers, such as cloud infrastructure platforms, development tools, analytics software, or monitoring services, to support service delivery. These providers operate under their own security and compliance frameworks.
While the Firm selects third-party tools suitable for professional use, the use of such providers does not transfer responsibility for data governance, regulatory compliance, or business decisions from the client to the Firm.
Clients remain responsible for the security of their own systems, networks, credentials, and data sources. Clients are also responsible for determining whether the Firm’s security practices are appropriate for their specific risk profile, regulatory environment, and operational requirements.
The Firm does not conduct independent security audits of client environments unless expressly agreed in writing.
Despite reasonable safeguards, security incidents may occur due to factors such as sophisticated attacks, system vulnerabilities, human error, or third-party failures. The Firm does not warrant that its security measures will prevent all unauthorized access or data incidents.
Security practices evolve over time in response to changing threats, technologies, and business needs.
This Information Security Overview is provided for informational purposes only. It does not constitute legal, regulatory, or security advice and does not represent a certification or guarantee of compliance with any specific standard or framework.
The Firm may update this Information Security Overview periodically to reflect changes in services, technologies, or security practices. The most current version published on the Firm’s website applies unless otherwise agreed in writing.
This overview is intended for general commercial use. Applicability and interpretation may vary by jurisdiction, and clients are responsible for understanding and complying with applicable laws, regulations, and contractual obligations related to information security.
