Why choose the IT Governance Network?
Global leaders in the design and implementation of IT governance frameworks and mechanisms.
More than 10 years experience in the protection of personal information (POPIA).
Consulting services, software solutions and wide range of training available.
POPIA Compliance Framework and Monitoring System
The Protection of Personal Information Act is technical and complex, it requires a wide range of technical and organisational measures to be implemented to protect the rights of natural and juristic persons to privacy. To ensure compliance, the Information Regulator requires all organisations to develop and implement a compliance framework so that they can effectively monitor the protection afforded natural and juristic persons.
A functionally rich POPIA Compliance Framework and Monitoring System supports small and large organisations effectively and efficiently achieve POPIA compliance. It enables organisations to jump start their POPIA programme by implementing an international standards-based POPIA compliance framework.
More about the POPIA Compliace Framework and Monitoring System ...
Tools for the information officer
The Regulations relating to the protection of personal information require information officers to ensure that internal measures are developed together with adequate systems to process requests for information or access thereto.
COBIT 5 Assessments
How mature is your IT organisation? Are your service providers any better? An ISACA certified COBIT 5 assessor can provide you with an accurate assessment of your organisation's capability and guide your organisation in building the desired capability following a formal, highly regarded, internationally recognised approach.
Many assessments of capability have no formal basis and therefore provide varying results. An ISACA certified COBIT 5 assessor will ensure that the results are credible.
Before you outsource you services check the service provider's capability, and if not acceptable make it a condition of the ongoing relationship that the service providers achieves a suitable capability level for your organisation.
GDPR and POPIA
The General Data Protection Regulation (GDPR) is the European Union's data protection legislation. It applies to organisations located within the EU and organisations located outside of the EU if they offer goods or services to, or monitor the behaviour of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location. In most respects it is similar to the Protection of Personal Information Act (POPIA), however it does not apply to juristic persons. In South African juristic persons are afforded data protection similar to that for natural persons.
Preliminary Assessments
The Protection of Personal Information Act requires all organisations to review their current practices relating to the processing and use of personal information to ensure the privacy related risks are being properly managed. A POPI impact assessment is a structured approach to gathering and analysing the impact.
Regulations of the Information Regulator
The Information Regulator has issued Regulations relating to the protection of personal information. These Regulations clarify some of the requirements of the Protection of Personal Information Act and add further obligations related to the processing of personal information.
100% POPI Compliance is not possible!
Asking for a checklist to become POPI compliant is about the same is asking for the recipe to become rich. There will always be someone willing to sell you a "get rich quick checklist", however rarely do they actually make you rich!
The same is true for the POPI Act!
King IV - a Corporate Governance update
Organisations are finding it necessary to contend with increasingly dynamic and demanding external and internal environments by making good corporate governance accessible and fit for application through the adoption of governance practices suitable to the organisation and able to sustain value creation.
POPI Obligations of Service Providers
Service providers will have direct legal obligations in respect of the personal data they have in their possession or under their control. The Protection of Personal Informaton Act enables all data subjects to request service providers to confirm whether or not they are processing the data subject's personal information and enables data subjects to claim compensation for unlawful processing of their personal data directly from the service provider if there is no other responsible party.
ICT Governance Implementation Tool
Implement the ICT Governance Policy Framework quickly and effectively using this specifically designed implementation tool that will customise your ICT Governance implementation to your organisation's specific needs.
Don't miss the DPSA's deadlines, get your ICT organisation up-to-date quickly using this tool. Developed by persons who have been working with the DPSA's ICT Governance Policy Framework this tool will reduce the effort required to fulfil the requirements.
POPIA: Unlawful Cloud Services
Processing in the cloud has many benefits, but when is unlawful?
King IV Corporate Governance Assessment
Assess the current level of your organisation's corporate governance using this King IV assessment tool.
COBIT Assessment as a Service
Conduct a COBIT assessment using this COBIT Assessment-as-a-Service.
POPIA Preliminary Assessments
POPIA preliminary assessments provide an efficient and effective approach to determining the extent to which the requirements of the Protection of Personal Information Act have been addressed.