Why choose the IT Governance Network?

Global leaders in the design and implementation of IT governance frameworks and mechanisms.

Experienced, skilled and practical assistance in building capability and improving performance.

Quick and effective value delivery and the governance of risk management.

POPI Implementation Tool

Fulfilling the requirements of the POPI Act might appear to be daunting. Where should one start and what are the priority issues? A POPI management system can help direct and coordinate the activities required in a POPI programme and continuously improve the level of compliance and readiness to respond to instances of non-compliance with the POPI Act.

Find out more about our functionally rich POPI Management System that supports small and large organisations' POPI implementations.

Jump start your POPI programme by starting with a POPI management system!   


An operator processing personal information on behalf of a responsible party or another operator must process such information only with the knowledge or authorisation of the responsible party. The operator must ensure that the personal information being processed on behalf of a responsible party is complete, accurate, not misleading and up to date.

The responsible party must clarify in its contracts with operators the services that the operators are engaged to provide. The transfer of personal information to the operator must be limited to what is necessary for the operator to fulfil its contractual obligations.

Operators may not further process personal information unless the purpose is compatible with the original purpose for which it was collected or consent was obtained.

Security Safeguards

A responsible party must secure the integrity and confidentiality of personal information in its possession or under its control by taking appropriate, reasonable technical and organisational measures.

Responsible parties are required to identify all reasonably foreseeable internal and external risks and, in terms of a written contract between the responsible party and the operator, ensure that the operator establishes and maintains the measures necessary to secure the confidentiality, integrity and accuracy of personal information in its possession or under its control.

Responsible parties may not enter into contracts with operators who cannot process personal information lawfully.

Technical and Organisational Measures

The contract between the responsible party and the operator must detail the technical and organisational measures that the responsible party has identified as necessary for the operator to establish and maintain in order to address the internal and external risks to the processing of personal information.

The contract between the parties must also indicate that the responsible party understands the conditions under which the personal data will be handled by the operator.

The responsible party must verify that the operator has fulfilled its contractual obligations to implement and maintain effective technical and organisational measures to safeguard the data subjects’ rights.

The responsible party must validate the effectiveness of the technical and organisational measures implemented.

Service Provider Capability

Data subjects have the right to expect that the operator adheres to the conditions for lawful processing of personal information and therefore operators must be transparent in all aspects of the processing of personal information.

Data subjects have the right to request the deletion and destruction of personal information when this information is inaccurate, irrelevant, excessive, out of date, incomplete or obtained unlawfully. Operators will be required to destroy all personal information obtained unlawfully and may be requested to provide assurance that this was done properly.

At least annually, the responsible party must verify that the operators’ processing of personal information is lawful and that the technical and organisational safeguards are effective.

COBIT 5 Assessor mistakes!

Common mistakes by COBIT 5 assessors.


COBIT 5 implementation illustration

Illustration of the implementation of COBIT 5.


COBIT 5 Assessment

Performing a COBIT 5 assessment.


King IV Corporate Governance Assessment

Assess the current level of your organisation's corporate governance using this King IV assessment tool.


COBIT Assessment as a Service

Conduct a COBIT assessment using this COBIT Assessment-as-a-Service.


POPIA Assessment as a Service

The POPIA Assessment-as-a-Service is an efficient and effective approach to determining the extent to which the requirements of the Protection of Personal Information Act have been addressed.

