NSTF - Technical Overview
NSTF Awards Management System - Technical Overview
Section titled “NSTF Awards Management System - Technical Overview”Platform Architecture
Section titled “Platform Architecture”Technology Stack
Section titled “Technology Stack”- Frontend: React.js (responsive, mobile-friendly)
- Backend: Node.js / Python (configurable based on NSTF preference)
- Database: PostgreSQL (relational, ACID-compliant)
- File Storage: AWS S3 / Azure Blob Storage (encrypted, versioned)
- Hosting: South African data centers (POPIA-compliant)
System Architecture
Section titled “System Architecture”[User Layer] ├── Nominator Portal (Public Web Interface) ├── Adjudicator Portal (Authenticated Access) └── Admin Dashboard (Role-Based Access Control) ↓[Application Layer] ├── API Gateway (RESTful APIs) ├── Authentication Service (JWT Tokens) ├── Business Logic Layer └── Workflow Engine ↓[Data Layer] ├── PostgreSQL Database (Structured Data) ├── File Storage (Documents, CVs, Images) └── Cache Layer (Redis - Performance Optimization) ↓[Integration Layer] ├── Everlytic API (Email Campaigns) ├── NSTF Database Connector └── Third-Party Services (Payment, Analytics)Security & Compliance
Section titled “Security & Compliance”POPIA Compliance
Section titled “POPIA Compliance”- Data minimization (only collect necessary information)
- Consent management (explicit opt-ins)
- Right to access (nominators can view their data)
- Right to deletion (data purging workflows)
- Data breach notification procedures (24-hour SLA)
Data Security
Section titled “Data Security”- Encryption in Transit: TLS 1.3 (HTTPS)
- Encryption at Rest: AES-256 (database and file storage)
- Access Controls: Role-based access control (RBAC)
- Audit Logging: All data access logged and monitored
- Backup & Recovery: Daily backups, 30-day retention, 4-hour RTO
Authentication & Authorization
Section titled “Authentication & Authorization”- Multi-factor authentication (MFA) for admins
- Password policies (complexity, expiration, history)
- Session management (timeout after inactivity)
- API security (OAuth 2.0 / JWT tokens)
Penetration Testing
Section titled “Penetration Testing”- Annual security audits
- Vulnerability scanning (automated, continuous)
- Third-party security assessment available
Integration Capabilities
Section titled “Integration Capabilities”Everlytic Integration
Section titled “Everlytic Integration”- API-based connection (RESTful)
- Automated email triggers (nomination confirmation, status updates)
- Campaign management (bulk communications)
- Analytics sync (track email engagement)
NSTF Database Integration
Section titled “NSTF Database Integration”- Direct database connection OR API-based (based on NSTF infrastructure)
- Bi-directional sync (nominees → NSTF database, updates ← NSTF)
- Scheduled sync (hourly, daily, or real-time)
Future-Ready Integrations
Section titled “Future-Ready Integrations”- Zoom/Teams (event management)
- Payment gateways (membership fees, event registration)
- Analytics platforms (Google Analytics, Power BI)
- CRM systems (if NSTF adopts in future)
Performance & Scalability
Section titled “Performance & Scalability”Performance Targets
Section titled “Performance Targets”- Page Load Time: <2 seconds (95th percentile)
- API Response Time: <500ms (average)
- Concurrent Users: Support 500+ simultaneous users
- File Upload: Support files up to 50MB
Scalability
Section titled “Scalability”- Horizontal scaling (add servers as load increases)
- Auto-scaling during peak periods (awards deadline days)
- CDN for static assets (fast global access)
- Database optimization (indexing, query tuning)
Uptime & Availability
Section titled “Uptime & Availability”- SLA: 99.5% uptime (excluding planned maintenance)
- Monitoring: 24/7 automated monitoring, alerts
- Incident Response: 1-hour acknowledgment, 4-hour resolution SLA
Data Residency & Hosting
Section titled “Data Residency & Hosting”South African Hosting
Section titled “South African Hosting”- Data centers in Johannesburg/Cape Town
- Compliant with POPI Act Section 72 (data doesn’t leave SA)
- Redundant infrastructure (multi-AZ availability)
Disaster Recovery
Section titled “Disaster Recovery”- Offsite backups (geographically distributed)
- Recovery Point Objective (RPO): 1 hour (max data loss)
- Recovery Time Objective (RTO): 4 hours (max downtime)
Support & Maintenance
Section titled “Support & Maintenance”Ongoing Support
Section titled “Ongoing Support”- Business hours support (8am-5pm SAST, Mon-Fri)
- Email and phone support channels
- Ticketing system (priority-based SLAs)
- Escalation path (critical issues escalated to senior engineers)
Maintenance Windows
Section titled “Maintenance Windows”- Planned maintenance: Monthly (Sunday 2am-6am SAST)
- Emergency patches: As needed (with advance notification)
- Zero-downtime deployments (where possible)
Software Updates
Section titled “Software Updates”- Security patches (applied within 48 hours of release)
- Feature enhancements (quarterly releases)
- Technology stack updates (annual major upgrades)
Technical Owner: iSu Technologies CTO / NSTF IT Manager Last Updated: December 2, 2025