IT GRC for Privacy
The Privacy Act does not specifically addresses IT governance, risk management, compliance and security. The fact that the Act requires due regard to specific industry or professional security practises as well as the use of terms such as integrity and availability leads one to believe that many organisations will have to ensure that an appropriate and reliable IT governance, risk and compliance (GRC) and information security management system (ISMS) is in place. It is in this particularly instance where the relationship between POPIA and King 3/4 comes into play. The world of GRC has become increasingly more complex with the continuous evolvement of technology capabilities such as cloud computing, bring your own device (BYOD), social media and big data.
The Magna team understands the complexity of these changes in the workplace and is experienced in delivering IT GRC and security programs in South Africa.