Governance

Our commitment to security, privacy, and ethical standards

Governance & Ethical Standards

At Fenko Limited, we’re committed to the highest standards of corporate governance, security, and ethical conduct. As a New Zealand-based cybersecurity company developing the RiskyPlugins platform, we operate with transparency, accountability, and integrity.

Corporate Structure

Company Details

  • Company: Fenko Limited
  • Jurisdiction: New Zealand
  • Registered Office: Auckland, New Zealand
  • Operations: Global, with remote-first team structure
  • Primary Product: RiskyPlugins security platform

Leadership Team

Our leadership team combines expertise in cybersecurity, software engineering, threat research, and business management to guide Fenko’s strategic direction and operational excellence.

Security Governance

Security-First Culture

Security is embedded in every aspect of our operations:

  • Product Security: All development follows secure coding practices and regular security reviews
  • Data Protection: Comprehensive data security measures following industry best practices
  • Incident Response: Established protocols for security incident management and disclosure
  • Third-Party Security: Rigorous vetting of suppliers and service providers

Risk Management Framework

We maintain a comprehensive risk management program covering:

  • Operational Risks: Service availability, data integrity, and system performance
  • Security Risks: Threats to our platform and customer data
  • Compliance Risks: Regulatory obligations across multiple jurisdictions
  • Reputational Risks: Maintaining trust and transparency with stakeholders

Privacy & Data Protection

Privacy by Design

Our approach to privacy protection includes:

  • Minimisation: We collect only data necessary for service provision
  • Transparency: Clear communication about data usage and processing
  • User Control: Tools for users to understand and manage their data
  • Compliance: Adherence to New Zealand Privacy Act 2020 and relevant international standards

Data Governance

  • Data Classification: Structured approach to data sensitivity and handling requirements
  • Retention Policies: Clear guidelines for data lifecycle management
  • Access Controls: Role-based access with principle of least privilege
  • Audit Trails: Comprehensive logging and monitoring of data access

Ethical AI & Analytics

Responsible Development

Our risk scoring and analysis systems are developed with:

  • Fairness: Regular testing for bias and discriminatory outcomes
  • Transparency: Clear documentation of methodologies and limitations
  • Accountability: Human oversight and appeal mechanisms for automated decisions
  • Continuous Improvement: Ongoing research and validation of our models

Research Ethics

Our security research program follows established ethical guidelines:

  • Responsible Disclosure: Proper vulnerability reporting and coordination
  • Data Ethics: Appropriate consent and anonymisation in research activities
  • Publication Standards: Peer review and responsible sharing of security findings
  • Collaboration: Working with security community and academic institutions

Regulatory Framework

We adhere to applicable legal requirements and industry best practices:

  • New Zealand Law: We operate in compliance with Companies Act 1993, Privacy Act 2020, and Consumer Guarantees Act 1993
  • Security Principles: We follow established information security management principles in our operations
  • Data Protection: We implement appropriate data protection measures for our customers, including considerations for international privacy requirements
  • Industry Standards: We incorporate best practices from recognized security frameworks and guidelines

Licensing & Legal

  • Intellectual Property: Respect for intellectual property rights in all operations
  • Open Source Compliance: Proper attribution and licensing for open-source components
  • Export Controls: Compliance with applicable technology export regulations
  • Terms of Service: Clear, enforceable agreements with customers and users

Transparency & Reporting

Public Transparency

We’re committed to transparency through:

  • Security Reports: Regular publications about our security posture and findings
  • Transparency Reports: Information about government data requests when we can legally share such information
  • Vulnerability Disclosure: Open communication about security issues and resolutions
  • Methodology Documentation: Detailed explanations of our risk assessment approaches

Stakeholder Communication

  • Customer Updates: Regular communications about service improvements and security matters
  • Community Engagement: Active participation in security research communities
  • Industry Collaboration: Sharing insights and best practices with the broader security community
  • Regulatory Cooperation: Working constructively with regulatory authorities

Internal Controls & Audits

Financial Controls

  • Accounting Standards: We maintain proper accounting standards in accordance with New Zealand requirements
  • Financial Review: Internal processes for financial controls and reporting
  • Budget Management: Responsible allocation of resources and financial planning
  • Tax Compliance: We fulfill all applicable tax obligations

Operational Controls

  • Quality Assurance: Continuous monitoring and improvement of service quality
  • Performance Monitoring: Regular assessment of service metrics and KPIs
  • Change Management: Controlled processes for system updates and changes
  • Business Continuity: Disaster recovery and business continuity planning

Stakeholder Engagement

Customer Relations

  • Support Excellence: High-quality customer service and technical support
  • Feedback Integration: Systematic incorporation of customer feedback into product development
  • User Education: Resources and guidance for effective security practices
  • Partnership Opportunities: Collaborative approaches to solving security challenges

Community Involvement

  • Security Research: Contribution to security research and knowledge sharing
  • Education: Supporting cybersecurity education and awareness initiatives
  • Industry Participation: Active involvement in security conferences and working groups
  • Open Source: Contributing to open-source security tools and frameworks

Continuous Improvement

Governance Evolution

Our governance framework is regularly reviewed and updated to address:

  • Emerging Threats: Adapting to evolving cybersecurity landscape
  • Regulatory Changes: Responding to new legal requirements and industry developments
  • Industry Best Practices: Incorporating established governance principles and methodologies
  • Stakeholder Feedback: Learning from customers, partners, and security community

Contact for Governance Matters

For questions about our governance practices or ethical standards, please contact:

Email: [email protected]

General Inquiries: [email protected]

Our commitment to strong governance is fundamental to earning and maintaining the trust of our customers, partners, and the security community. We continuously improve our practices to meet the highest standards of corporate responsibility and operational excellence.