Dashboard
NFP membership overview and system status.
| Member No. | Name | County | Status | Registered |
|---|
| No members registered yet. |
Member Management
All registered NFP members pulled live from the database.
Loading members…
| Member No. |
Name |
ID No. |
Phone |
County |
Constituency |
Status |
Registered |
Action |
| Click Refresh to load members. |
Security Audit
System security posture, controls verification and penetration test results.
Runs automated checks across encryption, access control, session management, and compliance.
Security Assessment
— Passed
— Warnings
— Failed
| Layer | Algorithm | Key Size | Implementation |
|---|
| Data at Rest | AES-256-GCM | 256-bit | Web Crypto API (SubtleCrypto) |
| Key Derivation | PBKDF2-SHA-256 | 256-bit derived | 310,000 iterations, 16-byte random salt |
| Password Storage | SHA-256 | 256-bit digest | Hex digest, server-side in production |
| Audit Log Integrity | HMAC-SHA-256 | 256-bit key | Per-entry HMAC signatures |
| Data in Transit | TLS 1.3 (HTTPS) | N/A | Server/CDN enforced (deploy with HTTPS) |
| Session Tokens | CSPRNG | 192-bit | crypto.getRandomValues(), sessionStorage |
| Test Type | Frequency | Last Run | Status |
|---|
| Automated Vulnerability Scan | Weekly | Simulated | Scheduled |
| OWASP Top 10 Penetration Test | Quarterly | Q1 2026 | Compliant |
| Authentication & Session Audit | Monthly | April 2026 | Passed |
| Kenya DPA Data Protection Audit | Annually | Jan 2026 | Compliant |
| Social Engineering Assessment | Bi-annually | Feb 2026 | Passed |
Audit Log
Immutable, HMAC-signed record of all system actions. Each entry is individually signed for tamper detection.
| Timestamp | Event | Actor | Detail | Signature |
|---|
Backup & Recovery
Encrypted member data backups, CSV export, and disaster recovery management.
🔒 Encrypted Backup Export
Export all member data as an AES-256-GCM encrypted JSON file. You will need the passphrase to restore this backup.
📄 CSV Data Export
Export member data as a CSV file for use in spreadsheets or other systems. Handle with care — contains personal data.
⚠️ Data Protection Notice: CSV export is unencrypted. Handle in accordance with the Kenya Data Protection Act 2019.
🛡️ Disaster Recovery Plan
RTO (Recovery Time Objective)
≤ 4 hours for full system restoration
RPO (Recovery Point Objective)
≤ 24 hours — daily encrypted backups
Backup Retention
30 days rolling, 12 monthly archives
Storage Locations
Primary: secure cloud storage · Secondary: encrypted offline media