ICT GOVERNANCEAND PROTECTION
What is ICT Governance?
ICT governance is a facet of enterprise corporate governance and it is aimed at ensuring that organisations manage their IT risks effectively and in line with the overall business objectives. ICT governance frameworks enable organisations to produce measurable results toward achieving their ICT strategies and goals.
Across the globe, organisations are subject to multiple legislative & regulatory requirements that govern the protection of confidential information, financial accountability, data retention and disaster recovery, among other things. Organisations must also provide assurance to shareholders, stakeholders, and customers that they have a robust ICT environment. To ensure that organisations meet relevant internal and external requirements organisations can implement a formal ICT governance program that provides a framework of best practices and controls.
What is GDPR?
The General Data Protection Regulation (GDPR) is a pan-European data protection law.
The EU’s Data Protection Directive of 1995, and all other member state laws that have been based on it, including the UK’s DPA (Data Protection Act) of 1998, is superseded by the GDPR. Regulations and Directives are the two major types of legislative acts that are enforced by states of the EU. Regulations apply directly to all EU member states and are binding. Directives, on the other hand, are goal agreements that member states must achieve with domestic legislation.
What does the GDPR do?
The GDPR allows European Union data subjects to have more control over their personal data and how it is processed. Organisations will also be required to comply with a new range of rules and obligations regarding the processing of the personal data of their clients.
Who does the EU GDPR apply to?
The GDPR applies to all European Union (EU) organisations that gather, store, and process any personal data of citizens and people residing in the EU.
The rules and obligations stipulated by the GDPR also applies to all organisations based outside the EU that perform services and offer products to any EU residents, which include monitoring or processing their behaviour or personal data.
What are data controllers and processors?
A data controller is a person, public authority, agency, or body that determines the processes of personal data. A data processor processes data on behalf of a data controller. The requirements for compliance depend on whether you are a data controller or processor.
What does GDPR require you to do?
- Governance and accountability.
- Perform data protection impact assessments when processing. operations are considered as high-risk.
- Ensure that personal data is kept safe and secure through the implementation of technical and organisational measures.
- Steer a GDPR meeting which includes staff awareness training.
- Appoint a data protection officer where necessary.
The benefits of GDPR compliance
There are great advantages to GDPR compliance. By approaching data protection correctly, your organisation can enjoy the enhancement of its reputation by building better customer relationships with existing and potential new customers.
Other benefits of complying to the GDPR include:
- A risk reduction of data breaches.
- An increase in information security.
- Gaining a competitive advantage because of increased customer trust.
How Can WWISE help you with GDPR?
ISO 27701:2019 Security Techniques is the extension to ISO/IEC 27001 and ISO/ IEC 27002 for Privacy Information Management (also Personal Information Management). WWISE can implement an Information Security Management System aligned to ISO 27001 and 27701 which will assist your organisation in complying to GDPR. Simply contact us today!
What is King IV™?
If King IV™ required a one-word synopsis, ‘transparency’ would be the best word to describe it. The predecessors of King IV™ created the foundation of complete corporate governance being a vital component of good corporate citizenship. The idea of good corporate governance stems from the recognition that organisations form an integral part of society, therefore, organisations are held accountable to any current or future stakeholders. King IV™ has introduced an ‘apply and explain’ regime which recommends the transparency of organisations throughout the application of their corporate governance practices.
King IV™ reiterates that good corporate governance goes beyond a quick tick box or compliance exercise, and should be considered as a universal, integrated collection of measures that require an extensive understanding and should be implemented in an integrated manner. King IV™ recommends that the King IV™ Code be applied in a sensible manner to ensure that an organisation’s practices are interpreted accordingly. This ensures that an organisation takes full advantage of the benefits offered by this facet of corporate governance.
Benefits of King IV™
King IV™ assists organisations to reap the benefits of complying with corporate governance. The King IV™ governance comprises 17 principles that encourage an organisation to move beyond merely complying and moving towards creating actions that relate to and integrate with an organisation’s context, which in turn will shift them towards accomplishing their goals. Corporate governance exists to produce positive outcomes for organisations through implementation.
The list of key benefits includes:
- Boosted reliability and improved reputation. A well-governed organisation is better suited to access financing at more desirable rates, ensuring the organisation is more appealing to investors and shareholders. These organisations tend to attract loyal customers and talented employees.
- Good governance leads to more control, transparency, and a stronger resistance to fraud. White-collar crimes are currently one of the greatest risks for organisations as they are often underreported.
- Good corporate governance enables organisations to mitigate risks more successfully to add to their disaster recovery capabilities, ensuring the organisation is more robust.
- Corporate governance codes oblige governing bodies to create succession plans for high-profile leaders to avoid any interruptions in leadership, which can be detrimental to an organisation.
How Can WWISE Help you with King IV™?
King IV™ has principles related to ISO 9001:2018 Quality Management Systems and ISO 31000:2018 Risk Management Guidelines to assist in ensuring a framework of Good Governance. The ISO 37000 Guidance for the Governance of Organisations. Key principles and relevant practices and a framework to guide the governance of organisations in how to meet their responsibilities so that they can fulfil their purpose. It is applicable to all organisations, regardless of type, size, location, structure or purpose.
WWISE can assist in implementing ISO 9001:2018 in conjunction with ISO 31000:2018 and ISO 37000:2016 to assist organisations with Governance best practices.
What is ITSM- ITIL?
The Information Technology Infrastructure Library (ITIL) is a framework which aligns IT services with business needs. ITIL processes tasks, procedures, and checklists that are not company specific but can be part of an organisation’s strategy plan to maintain competency. The framework can be used to demonstrate compliance and measure improvement within a business.
The benefits of ITIL
- Aligns IT solutions with business requirements.
- Effective service delivery.
- Improved services and data processing.
- Realistic Service Levels.
- Improvement of the Return on investment (ROI).
How Can WWISE help you with ITIL?
At WWISE, we recognise the importance of ITC Governance. We offer consulting, implementing, and training services, as well as the development of business specific ITIL systems against the ISO 20000-1:2018 IT Service Management System Requirements Standard. We assist with Implementation to prepare an organisation for ISO 20000-1:2018 certification. With our 100% certification rate, you can rest assured your business will conform.
What is COBIT 5?
COBIT stands for Control Objectives for Information and Related Technologies, quite a mouthful isnʼt it? Basically, COBIT is a framework created by the Information Systems Audit and Control Association (ISACA) for Information Technology Management and IT Governance. The framework highlights and defines the generic process of IT Management processes, relative objectives and outputs, key processes and Objectives. The framework measures performance and maturity using the Capability Maturity Model (CMM) which is a tool to study data collected from organisations contracted in the U.S Defence force.
Benefits of COBIT 5
- COBIT is a world recognised IT management framework with globally accepted principles, practices, tools. and models that increase trust.
- The framework can be implemented within organisations of any size.
Additionally, COBIT can be aligned to the ISO 27001:2013 Information Security Management System Standard.
WWISE cannot certify your organisation against COBIT 5. We can however introduce you to the ISO 27001:2018 Information Security Management System. This Information Security Management system (ISMS) will ensure you comply with the principles of COBIT 5. By implementing this ISMS, you will reap benefits through:
- Time and cost savings.
- Improved productivity and customer satisfaction.
- Your organisation’s senior management has efficient ways to manage areas of responsibility as they are clearly defined.
Once certified, you will gain credibility in the industry and a competitive edge, especially when tendering for public work projects. Certification shows your customers that you follow standardised procedures and give them the assurance of consistency. You also benefit from quality measures. Once the systems are in place, you can ensure on-time and high-quality service delivery, a decrease in returned products, less time spent in handling complaints, and improved employee morale.
What is Prince2?
PRINCE2 is the abbreviation used for PRojects IN Controlled Environments. The tool is a structured project management and practitioner certification programme. PRINCE2 highlights the importance of breaking down projects into manageable and controlled stages.
These principals are adopted across the globe, in the UK, Western European countries, and Australia. The principles are available in many languages.
Benefits of Prince2
PRINCE2 assists with methods for managing projects within a clearly defined framework. This framework does not guarantee seamless project management, as it is dependent on the complexities of projects. Benefits include:
- Increased product quality.
- Effective resource optimisation.
- Boost in confidence amongst the project team.
Limitations and Certification of Prince2
|PRINCE2 2017 Foundation: confirms the holder has sufficient knowledge and understanding of PRINCE2 and is able to work on projects using this framework.|
|PRINCE2 2017 Practitioner: confirms that the holder has achieved a good understanding of the application of PRINCE2 within a given scenario. A qualified PRINCE2 Practitioner who will go on to study the APMP qualification of the Association for Project Managers (APM).|
|PRINCE2 Agile Foundation: Confirms the holder has enough knowledge and understanding of PRINCE2 to utilise the framework in an agile way.|
|PRINCE2 Agile Practitioner: Confirms the holder can apply the project management principals of PRINCE2 and combine the principals with the agile concepts such as Scrum and Kanban.|
Training and Certification
PRINCE2 certification is awarded by AXELOS, while training is provided by an Accredited Training Organisation (ATO), with a final examination to be granted accreditation.
While PRINCE2 is not a principal or framework facilitated by WWISE, we offer several Management System solutions that can assist your business to prepare and gain the expert advice to manage projects accordingly.
What is the POPI Act?
Why do you need it?
- Ignorance of the law is no excuse
The POPI Act applies to any public or private institution which processes personal information. This includes processing the personal information of other entities. It is a code of conduct by which all businesses must comply. The penalties for non-compliance range from penalties of up to R10 million or imprisonment of up to 10 years. Therefore, achieving legal compliance brings with it a reduction in the risks of restrictions on fines and lawsuits.
- Alignment to global best practice
Multiple jurisdictions around the world have already implemented data privacy legislations, such as the EU’s GDPR, the California Consumer Privacy Act, Australia’s Privacy Principles (APP), Canada’s Personal Information Protection and Electronic Data Act (PIPEDA) and Brazil’s Brazilian Internet Act amongst others. Therefore, compliance with the POPI Act assists organisations in aligning with global best practice in the field of Data Privacy.
- Transactions with global entities
Non-compliance with globally aligned legislation like POPI can restrict a company’s ability to transact with other companies in the information economy.
- Transparency in processing information
Compliance to the POPI Act assures stakeholders that an organisation will process information in a trustworthy manner. When consumers trust an organisation, they are more likely to share their private information with such an organisation. Therefore, POPI compliance becomes a marketable tool.
- Data Security Culture
South Africa is reported to have the third highest rate of phishing attacks in the world. Furthermore, it is estimated that South Africa loses R1 billion a year due to cybercrime-related activities. Therefore, compliance to POPI assists in instilling an organisation-wide culture of data security.
What are the benefits?
The benefits of complying with the POPI Act include:
- Aligning with International standards.
- Aligning with ISO 27001.
- Balance between the right to privacy and rights of access to information.
- Implementing the constitutional right to privacy by safeguarding an entity’s personal information.
How can WWISE assist?
WWISE simplifies compliance to the POPI Act by assessing your businesses’ current compliance to the Act against the measures that need to be taken for full compliance. Compliance with the POPI Act is aligned to the ISO 27001:2013 standard.