Why us? ICTCompliance offers our clients the full array of multi-disciplinary professional expertise and cutting-edge technological capacities required to be able to do the transition from a potentially hazardous compliance and governance position, to one of being confident to be able to withstand and manage attempted data and policy breaches, whilst scrutiny by the Regulators and due diligence professionals will not be viewed with uncertainty anymore.

We are able to coach your management team up comprehensively in terms of the international regulatory environments relevant to your operations and keep them up to date with any developments, and are likewise ready to equip your organisation with the technical capacities to get your organisation into a position of compliance, to maintain that position and also to deal with any attempts to compromise your technical environment.

We do the above with reference to experience gained over decades spent in the highest echelons of international business, exposure to business practices and cultures on all continents, and from an entrepreneurial perspective. In short, you can expect to be dealing with top professionals, best-of-breed technologies and service providers, in focused processes aimed at attaining measurable results cost-effectively whilst causing minimum disruptions to your day-to-day operations.

Why now? In South Africa the long-awaited promulgation of the Protection of Personal Information Act (POPI) has now happened and we are only awaiting the effective date. Some provisions are already in effect, so this game-changing piece of legislation has now become a part of our business lives. In Europe and also the USA, fairly tumultuous events and new regulatory arrangements are in process as you read this and anyone hoping to take part in international cross-border business will also come up to compliance assessments before being able to effect such business. In fact, all business with an international component by either the principals or their service providers will from now on have to pay cognisance to privacy laws and the broader compliance requirements.

Even over and above the regulatory requirements now in play, what with POPI authorising fines of up to R 10 million rand per transgression, consider that it is estimated that cybercrime cost the global economy around 500 billion US dollar in 2012. The impact of cybercrime includes loss of intellectual property and confidential information, reduced trust for online activities, additional costs for security, insurance and recovery, and damage to reputations. A vast number of enterprise closures and job losses are also attributed to it, 508 000 jobs in the US in 2012 alone.

In South Africa specifically, clients are urged to move on their POPI processes immediately and specifically because they still have the opportunity to avoid one of their crucial assets, their current databases, becoming instead one of their major risk factors. The POPI Act once promulgated allows only one instance, just one, for you to contact your data subjects without their specific consent or you will be in contravention of the law. However, if you should get your house in order prior to the POPI Act becoming law, you have a variety of ways of ensuring that they remain assets as opposed to risks, that you can lawfully and in compliance remain in touch with your data subjects and turn what could be a potentially perilously risky environment, into a positive and possibly competitive edge.

How and what next? ICTCompliance adheres to a strict quality policy and therefor prefers to deal with clients on an individual basis, as opposed to simply lecturing or presenting to a substantial number of people about the applicable laws and general technical considerations. ICTCompliance therefor mostly deals with clients individually and the process commences with a questionnaire being completed by the client, electronically or per telephone consultation.

The alternative is for a group of their own clients to be assembled by a firm of attorneys or accountants, for the purposes of collectively going through the orientation and training modules, and then splitting up for onsite processes.

These initial processes serve to design the coaching sessions in terms of people and material involved, from where an individual assessment, scoping and/or audit of the client compliance environment is done, a compliance strategy is compiled and presented, and assistance given with the implementation and management of such strategy. ICTCompliance can be contracted in to do individual components of the above, or the full process, and with or without our specialist capacity associates and each client has the opportunity to clearly define the services required. Practically, a client can stipulate that ICTCompliance deals with POPI-related matters only, or bring the entire enterprise in compliance mode and with reference to all relevant other legislative and regulatory measures such as PAIA, the National Credit Act, the Consumer Protection Act, the new Companies Act and King III, for instance.