Security

CCMS is hosted on managed cloud infrastructure using controlled server environments. Hosting controls may include:

• Secure data centre infrastructure
• Server-level access restrictions
• Firewall protection
• System updates
• SSL/TLS encryption
• Backup storage
• Disaster recovery planning
• Monitoring of platform health

Specific hosting, residency, or compliance requirements can be reviewed for enterprise clients by written agreement.

CCMS uses SSL/TLS encryption for data transmitted between users and the platform. Users should only access CCMS through the official HTTPS website or the authorized club portal.

CCMS supports role-based access so each user can be given access according to their responsibility. Typical roles may include:

Client clubs decide which users receive access and what each role can do.

CCMS can maintain audit trails for key actions. Audit records may include: login activity, record creation, record updates, approval actions, payment status changes, certificate activity, administrative changes, and user and role changes.

Audit trails help clubs review activity, investigate errors, and maintain accountability.

Users must protect their accounts. We recommend:

• Use strong passwords
• Do not share accounts
• Do not reuse passwords from other websites
• Log out on shared devices
• Report suspicious login activity
• Remove access for users who no longer work with the club
• Limit administrator access to trusted people

Inspedium may restrict access if an account appears compromised.

CCMS uses scheduled backups to support recovery from technical failure, accidental loss, or operational incidents. Backup practices may include:

• Daily backups
• Off-site backup storage
• Backup rotation
• Restoration testing
• Disaster recovery procedures

Backup availability and restoration scope depend on the client agreement and technical circumstances.

Each client club's records are handled within its own authorized platform environment or access structure. Users from one club cannot access another club's records unless such access has been authorized through a valid configuration or agreement.

Inspedium limits administrative access to people who need it for hosting, support, maintenance, troubleshooting, or authorized service delivery. Administrative access is handled under internal controls and confidentiality duties.

CCMS may integrate with third-party payment gateways. Payment gateways usually handle sensitive card or banking information directly. CCMS stores operational payment references such as transaction ID, payment status, amount, invoice number, and payment date. The selected payment provider remains responsible for its own payment processing environment.

CCMS development follows practical security practices, including: controlled code changes, review of sensitive workflows, input validation, permission checks, error review, bug fixing, and security-focused maintenance. Security improvements may be released as part of normal platform updates.

If we identify a security incident affecting CCMS, we will take steps appropriate to the issue, which may include: investigating the incident, restricting affected access, applying fixes, restoring services, reviewing logs, notifying affected clients where required, and supporting client-side review.

Client clubs must promptly report suspected misuse, unauthorized access, incorrect permissions, or suspicious activity.

Security is shared between Inspedium and each client club. Client clubs should:

• Choose trusted administrators
• Assign user roles carefully
• Review permissions after staff or committee changes
• Train users on safe account use
• Review suspicious activity
• Keep club devices secure
• Avoid uploading unlawful or unsafe files
• Confirm that official records are approved before publication
• Contact Inspedium quickly when something looks wrong

Users should:

• Keep login details private
• Use accurate personal and club information
• Access only records they are authorized to view
• Avoid downloading data without club permission
• Avoid sharing screenshots of private records
• Report errors or suspected account misuse
• Follow their club's rules and applicable laws

CCMS security depends partly on user behavior, client-side controls, internet providers, third-party services, and device safety. Inspedium cannot control:

• Weak user passwords
• Shared accounts
• Compromised user devices
• Malware on client systems
• Unauthorized internal sharing
• Third-party gateway outages
• Incorrect client-side permissions
• Public disclosure by club officials or users

For security questions or suspected incidents, contact:

• Email: [email protected]
• Website: https://ccms.inspedium.com
• Phone / WhatsApp: +92 332 8868888