Security Positioning Statement

Our Commitment to Security

Woodcrest — Advocates, Tax & Advisory is committed to maintaining robust information security practices that protect our clients, our people, and the integrity of our professional services. We recognise that in the legal and advisory sectors, the confidentiality and security of client information is both a professional obligation and a fundamental duty of trust.

This statement sets out our approach to security across our systems, communications, and operational practices.

Data Protection

We implement appropriate technical and organisational measures to protect personal and confidential data against unauthorised access, disclosure, alteration, or destruction. These measures include:

• Access controls and role-based permissions across all systems and platforms.
• Secure, encrypted communication channels for client correspondence where applicable.
• Use of reputable, enterprise-grade cloud platforms (including Zoho) with established data security certifications.
• Regular review of data management procedures and vendor security postures.
• Staff training and awareness on data protection obligations and safe communication practices.

Our data practices are further described in our Privacy Policy.

Client Confidentiality

All information shared with Woodcrest in connection with a client engagement is treated as strictly confidential. Our advocates and staff are bound by professional confidentiality obligations under the Advocates Act, the rules of the Uganda Law Society, and our internal confidentiality policies.

We do not disclose client information to third parties except where required by law, by court order, or with the client's express consent.

Platform Security

Our client and staff portals are built on Zoho Creator, a cloud platform that maintains enterprise-grade security infrastructure including data encryption at rest and in transit, multi-factor authentication, and regular penetration testing. Access to our portals is restricted to authorised users through credential-based and SSO authentication mechanisms.

Our website is served over HTTPS. We recommend that all users access our website and portals from secure, up-to-date browsers and avoid using public or unsecured Wi-Fi when accessing sensitive information.

Fraud & Impersonation Warning

Woodcrest will never request payment, bank account details, or personal financial information via unsolicited email, SMS, or messaging platforms. We will never request money in exchange for employment opportunities.

If you receive any communication purporting to be from Woodcrest that:

• Requests payment, a transfer of funds, or sensitive financial information
• Uses a domain or email address other than @woodcrest.ug
• Asks you to act urgently or in secret
• Offers employment, a grant, or a prize without prior contact

please treat it with extreme caution and contact us immediately. Woodcrest accepts no liability for loss or harm arising from fraudulent communications by third parties impersonating our Firm.

Incident Response

In the event of a suspected security incident, data breach, or compromise of our systems or client information, Woodcrest will act promptly to investigate and contain the incident, notify affected individuals where required by law, and take remedial action to prevent recurrence.

If you believe you have identified a security vulnerability in our website or systems, please report it responsibly to admin@woodcrest.ug. We are committed to addressing legitimate security disclosures promptly and in good faith.

Contact