IT compliance has become very important. Information Technology (IT) is probably ubiquitous in your organisation, and you probably depend on it. IT has enabled us all to do great things. However, when using it, we must comply with the laws that apply to it. Ensuring that your organisation complies with IT laws, rules, codes, and standards (including POPI) is a daunting and overwhelming task. IT laws deal with intangible concepts (such as data messages) and require knowledge of both the law and information and communication technology (ICT). If you feel overwhelmed, you are not alone.
We have been helping organisations with IT compliance for over fifteen years. We have developed a great offering that can help you comply in an effective and practical way. Many organisations use our offering to complement their existing compliance activities (which are usually significant). Our offering is made up of the following parts:
- A List of IT Laws, which ensures you are aware of all the legal and regulatory requirements related to IT.
- An IT Legal Framework, which helps you to apply the law to your specific organisation in a practical way, following a risk-based approach.
- A practical workshop on IT GRC. We offer private workshops at your venue, specifically for attendees from your organisation, as well as public workshops. It will help you to determine what is relevant to your industry and organisation – it will fast-track your efforts.
- An IT Legal Compliance Assessment, Gap Analysis, or Audit where we check your compliance with particular laws.
- A Compliance Action Plan, which contains what the specific organisation has done or is going to do to comply with IT Laws.
We often provide these offerings together for one fee, but we also offer them separately to provide you with the flexibility to follow the approach that suits you. Some people just want the workshop, others just the framework or list.
IT Law Subscription
We also offer the list and the framework on a subscription basis (monthly or annual), which entitles subscribers to updates, and discounts on workshops and publications. Email us to ask for a quote.
How they fit together
IT compliance has become codified in the IT Governance chapter in King III. King III says that companies “must comply with all applicable laws”. When considering such compliance, “the board should ensure that all IT related laws, rules, codes and standards are considered”. Many of our clients don’t know what these “applicable…IT related laws, rules, codes and standards” are. So we have put together the List of IT Laws to tell you what they are.
Once you have these laws, what do you do next? We have developed an IT Legal Framework that will help organisations apply IT GRC in a practical way to real issues and comply with IT laws. We use it as a control tool for the various IT legal audits we conduct, and have recently made it available to clients who want to use it as a tool themselves. Often, our clients use it in conjunction with a Compliance Action Plan.
The IT GRC workshop is a key element because this is where we apply our knowledge and experience to your specific circumstances. This is where we:
- Do a high-level assessment of your organisation.
- Help you to work out which IT laws, rules, codes, or standards are relevant to you.
- Help you to identify your significant issues.
- Help you to evaluate and assess compliance with external legal and regulatory requirements related to IT.
- Explain the List of IT Laws and IT Legal Framework and help you to determine their relevance to your organisation.
- Demonstrate how to use the documents.
- Create an awareness of the legal aspects of IT GRC.
- Transfer skills and knowledge to your organisation so that you can use the List of IT Laws and IT Legal Framework.
Larger organisations often want us (as an independent external professional legal adviser) to conduct a compliance audit in addition to the workshop.
Benefits of our approach to IT compliance
- Reduce your legal risk profile.
- Demonstrate the application of the King Code and COBIT.
- Implement current best practice.
- Manage the risks of non-compliance.
- Avoid legal problems, difficulties, and disputes.
- Keep your board informed of relevant IT laws, rules, codes and standards.
How we help you with IT compliance
- Identify what IT laws, codes, standards, and best practices are relevant to you.
- Determine their impact on you.
- Fast-track your compliance efforts.
- Gain clarity on your current position and where you need to be.
- Help you to find solutions to fill gaps – determining what solutions you need.
- Prioritise your next steps.
Interested?
If you are interested, please complete the form on the right or enquire now. We will contact you to find out more about your requirements and give you a quote.