POPI Security Safeguards – an essential part of compliance
POPI Security safeguards are an essential part of compliance with the POPI Act / POPIA, as well as with Data Protection and Privacy practices and regulations such as GDPR. They are also essential capabilities for protecting your organisation against a broad range of information threats and vulnerabilities.
The key requirement for Security in the POPI Act lies in Condition 7 of the Act – Security Safeguards. It requires that organisations must secure the integrity and confidentiality of personal information. It further states that organisations must apply generally accepted security practices and procedures in order to secure personal information. These should be applied through appropriate, reasonable, organisational and technical measures.
In GDPR, the Security of Processing requirements contained in article 32 state that organisations should implement appropriate, technical and organisational measures to ensure a level of security appropriate to their information risk. This is very similar to the requirements found in POPIA.
So, what are appropriate, reasonable, organisational and technical measures? The appropriateness and reasonableness aspects come down to identifying the personal information risks to which your organisation is exposed, and to how you define, mitigate and manage those risks.
The POPI Act / POPIA also requires organisations to consider generally accepted security practices and procedures. To a large extent these translate to applying Information Security management systems, standards or frameworks. The most widely accepted Information Security management standard is found in the ISO27000 series, specifically in ISO27001.
More recently, we are seeing a strong focus on Cyber security because of increasing cyber threats. While the 2013 version of ISO27001 includes controls for Cyber security, the NIST (US National Institute of Standards and Technology) Cyber Security Framework and the UK Government’s Cyber Security scheme are also gaining popularity.
If you haven’t already established a system for managing information and cyber security, we recommend that you start by taking our free online 20 Question Cyber security Health Check. This will help you to obtain a basic view of your current security practices.
We also offer more comprehensive Cyber Security Assessments based on both the NIST Cyber Security Framework and the UK Government’s Assessment in our product set. In addition to Cyber security, we are also experienced in ISO27001/2 from a broader Information Security Management perspective and offer an assessment tool covering the mandatory requirements.
We offer the following Information and Cyber Security services to help organisations assess and enhance their security postures:
- Information and Cyber Security Assessment services;
- Development of Security roadmaps and implementation plans;
- Assistance with the development and implementation of Information Security Management Systems (ISMS);
- Penetration and Vulnerability Testing;
- Provision of security technologies such as encryption and data loss prevention solutions.
Please contact us for more information about our Information and Cyber Security services.