Pesa Wire

Cybersecurity & Information Security Framework

Effective Date: 12 July 2026
← All policies

This framework establishes verifiable cyber resilience for the Pesa Wire payment gateway and money transfer platform. It is designed to meet the rigorous expectations of the Bank of Uganda's risk-based supervision, operating under the classification of a “Complex IT Profile” due to the platform's high transaction velocity, interconnectivity, and aggressive technology adoption.

1. Cyber Governance and Leadership Oversight

Governance is treated as a systemic business imperative rather than a back-office technical function, ensuring alignment with regulatory mandates that carry severe financial penalties (up to 2% of gross earnings) for non-compliance.

2. Information Security and Data Privacy Controls

Pesa Wire aligns its data defense strategies with both BoU mandates and the Financial Consumer Protection Guidelines to ensure consumer trust and data sovereignty.

3. Threat-Led Defense and Vulnerability Management

A proactive defense posture ensures that Pesa Wire is continuously stress-testing its own perimeters rather than relying on theoretical compliance.

4. Cyber Resilience and Incident Response

Shifting from prevention to resilience, this section guarantees the continuity of service even when digital barriers are compromised.

Resilience MetricProtocol Description
Assume-Breach Paradigm Architecture is designed on the assumption that an attack will eventually succeed. The network is highly segmented to isolate breaches, preventing lateral movement and ensuring critical money transfer and forex trading services remain operational during a crisis.
Mandatory Breach Reporting Transparent, immediate reporting of material security incidents to the Bank of Uganda within stipulated regulatory timeframes (typically within 24–48 hours). This ensures absolute compliance with BoU directives and accountability under the Computer Misuse Act.
Rapid Incident Response Team A dedicated, cross-functional Incident Response Team (IRT) trained to execute documented containment, eradication, and rapid recovery procedures. Post-incident, the team conducts rigorous forensic analysis to prevent recurrence.

5. Third-Party and Ecosystem Security

Because Pesa Wire does not operate in a vacuum, systemic risk introduced by partners is heavily regulated.

Richard Bigabwa
Chief Executive Officer
Email: support@pesa-wire.com
Website: pesa-wire.com
Main Office (Ntinda): Plot 2114 & 2115, Block 216, Level 6 A6-02, Ntinda, Nakawa Division, Uganda
Branch Office (Town): Kimathi Avenue Plot 2, UAP Insurance Building, Office No. 3, Kampala Central, Uganda