POPI Security Safeguards – an essential part of compliance
POPI Security safeguards are an essential part of compliance with the POPI Act, Data Protection and recognised Privacy practices.
Questions may well be asked about the relevance of Security to POPI Act Compliance. The key requirement lies in Condition 7 of the Act – Security Safeguards. It requires organisations to secure the integrity and confidentiality of personal information. It further requires organisations to apply generally accepted security practices and procedures in order to secure personal information. These should be applied through reasonable organisational and technical measures.
So, what are generally accepted security practices and procedures? To a large extent it comes down to applicable standards for security. The most widely accepted Information Security standards are found in the ISO27000 series. More recently, we are seeing a stronger focus on Cyber security because of increasing cyber threats. While the 2013 version of ISO27001 includes controls for Cyber security, we are also seeing NIST (US National Institute of Standards and Technology) and the UK Government’s Cyber security scheme being applied.
For practical reasons, we have provided a Cyber security Assessment based on the UK Government’s Assessment in our product set. We have also provided a 20 Question Cyber security Health Check, simplified but based on this, for you to carry out your own free online Cyber security Health Check. Click here to access the Health Check.
While we have based the Security Assessment on the above, we are experienced in ISO27001/2 from a broader Information Security Management perspective.
Please contact us for more information about our approach to assisting organisations to apply reasonable organisational and technical measures for POPI Act compliance.