Why choose the IT Governance Network?

Global leaders in the design and implementation of IT governance frameworks and mechanisms.

Experienced, skilled and practical assistance in building capability and improving performance.

Quick and effective value delivery and the governance of risk management.

POPIA Compliance Framework and Monitoring System

The Protection of Personal Information Act is technical and complex. It requires a wide range of technical and organisational measures to be implemented to protect the rights of natural and juristic persons to privacy. To ensure compliance, the Information Regulator requires all organisations to develop and implement a compliance framework so that they can effectively monitor the protection afforded to natural and juristic persons.

A functionally rich POPIA Compliance Framework and Monitoring System helps small and large organisations achieve POPIA compliance effectively and efficiently. It enables organisations to jump-start their POPIA programme by implementing an international standards-based POPIA compliance framework.


Information Officer’s Role in System Design

The information officer has two important roles regarding system design. The first is to give advice and guide responsible parties about compliance with the conditions for the lawful processing of personal information. The second is to confirm compliance with the conditions for the lawful processing of personal information.

To be effective, information officers need to be involved from the very beginning of any system design and will require access to information about the business requirements, system design, system management, service delivery, information security and the related privacy concerns.

Information officers will need an appropriate level of detailed knowledge and understanding of the data processing as well as access to the facilities, system components and information about the design and operation.

System development

For each individual module (or project milestone) in a development programme, the information officer should confirm with the project team that the agreed-upon implementation of the module complies with the conditions for the lawful processing of personal information.

Typical tasks that involve the information officer are:

  • Documenting personal data-relevant business processes
  • Defining the master data
  • Determining the reporting system
  • Examining the information flow of personal data, application interfaces and data flows to other systems
  • Establishing personal information processing criteria
  • Evaluating the user authorisation concept
  • Evaluating test plans
  • Defining migration and legacy data transfer.

Reliability of Information Officers

Information officers have a long-term responsibility to the responsible parties, data subjects and the regulator for ensuring that the design of systems results in the lawful processing of personal information. The advice information officers give to system designers needs to be reliable so that the choices they have are correctly evaluated and appropriate decisions are made regarding the processing of personal information.

Often system designers and service providers focus only on getting systems to work well at solving a particular problem or delivering a specific service. They forget that an important property of processing personal information is to do so lawfully and therefore to protect individual rights and make it possible to intervene in and inspect the data processing system, have it changed and, if necessary, shut off the system completely.

COBIT 5 Assessor mistakes!

Common mistakes by COBIT 5 assessors.


King IV Corporate Governance Assessment

Assess the current level of your organisation's corporate governance using this King IV assessment tool.


COBIT Assessment as a Service

Conduct a COBIT assessment using this COBIT Assessment-as-a-Service.


POPIA Preliminary Assessments

POPIA preliminary assessments provide an efficient and effective approach to determining the extent to which the requirements of the Protection of Personal Information Act have been addressed.

