Asking for a checklist to become POPI compliant is about the same is asking for the recipe to become rich. There will always be someone willing to sell you a "get rich quick checklist", however rarely do they actually make you rich!

The same is true for the POPI Act!

More about POPI compliance ...

According to the DPSA, a Governance and Management of ICT system should be able to establish, assign and manage individual accountability and responsibilities with regards to the ICT function and its operations in accordance with the Corporate Governance of ICT Policy Framework implementation Guide.  

The following is to form part of the Governance and Management of ICT system:

  • Integration with the CGICT Policy Framework
  • CGICT Policy and Charter
  • CGICT Assessment Standard
  • COBIT 5 Processes:
    • APO01: Manage the ICT management framework
    • APO02: Manage strategy
    • APO10: Manage Suppliers
    • APO12: Manage Risk
    • APO13: Manage security
    • BAI01: Manage programmes and projects
    • DSS01: Manage operations
    • DSS04: Manage continuity
    • MEA01: Monitor, evaluate and assess performance and conformance
  • Mapping to the MPAT assessment criteria.

Better governance and management is to be achieved through implementing structures and functions, assigning roles and responsibilities, and building capability within a governance system that can implement:  

  • Minimum COBIT 5 Processes
  • Principles and policies
  • Organisational structures
  • Skills and competencies
  • Culture and behaviour
  • Service capabilities
  • Information management.

A Governance and Management system should also be capable of being expanded to address future requirements, including the following:

  • Service delivery structure of the ICT unit with its related functions, responsibilities, delegations and authorities
  • Stakeholders and other role players
  • Supplier Management
  • ICT Strategy management
  • ICT Plan implementation
  • ICT Risk management
  • ICT conformance and performance audit
  • Adhere to applicable ICT prescriptive requirements
  • ICT Program and Project (portfolio) management
  • ICT Continuity management
  • ICT Security management
  • ICT Service management.

Deliverables provided:

  • A fully functional, role based, Governance and Management of ICT system able to assign and manage individual responsibilities within the ICT unit
  • Process flow diagrams for each of the priority COBIT processes
  • Customisation of the COBIT 5 process activities for each of the priority COBIT processes in a manner suitable to implement governance and management of ICT within the ICT unit
  • Work package assignment
  • Workflow management indicating start and end times, planned and spent time
  • Progress reporting
  • Continuous improvement road map
  • Governance and Management system service desk.

CGICT policy framework

Implement the ICT Governance Policy Framework quickly and effectively using this specifically designed implementation tool that will customise your ICT Governance implementation to your organisation's specific needs.

Don't miss the DPSA's deadlines, get your ICT organisation up-to-date quickly using this tool. Developed by persons who have been working with the DPSA's ICT Governance Policy Framework this tool will reduce the effort required to fulfil the requirements. 

More about ICT Governance implementations ...

How mature is your IT organisation? Are your service providers any better? An ISACA certified COBIT 5 assessor can provide you with an accurate assessment of your organisation's capability and guide your organisation in building the desired capability following a formal, highly regarded, internationally recognised approach.

Many assessments of capability have no formal basis and therefore provide varying results. An ISACA certified COBIT 5 assessor will ensure that the results are credible.   

Before you outsource you services check the service provider's capability, and if not acceptable make it a condition of the ongoing relationship that the service providers achieves a suitable capability level for your organisation.

More about COBIT 5 assessments ...

Organisations are finding it necessary to contend with increasingly dynamic and demanding external and internal environments by making good corporate governance accessible and fit for application through the adoption of governance practices suitable to the organisation and able to sustain value creation.

More about King IV Corporate Governance...

King IV Corporate Governance Assessment

King IV assessmentAssess the current level of your organisation's corporate governance using this King IV assessment tool.


COBIT Assessment as a Service

COBIT 5 AssessmentConduct a COBIT assessment using this COBIT Assessment-as-a-Service.


POPIA Preliminary Assessments

it governance oversightPOPIA preliminary assessments provide an efficient and effective approach to determining the extent to which the requirements of the Protection of Personal Information Act have been addressed.


Go to top