IT compliance has become very important. Information Technology (IT) is probably ubiquitous in your organisation and you probably depend on it. IT has enabled us all to do great things. But while using it, we must comply with the laws that relate to it. Ensuring that your organisation complies with IT laws, rules, codes and standards (including POPI) is an onerous and overwhelming task. IT laws deal with intangible concepts (like data messages) and require knowledge of both the law and ICT. If you feel overwhelmed, you are not alone.
We have been helping organisations with IT compliance for over fifteen years. We have developed a great offering that can help you comply in an effective and practical way. Many organisations use our offering to complement their existing compliance activities (which are usually significant). Our offering is made up of parts:
- A List of IT Laws, which ensures you are aware of all the legal and regulatory requirements related to IT.
- An IT Legal Framework, which helps you to apply the law to your specific organisation in a practical way following a risk-based approach.
- A practical workshop on IT GRC. We offer private ones at your venue just for attendees from your organisation, as well as offering public workshops. It will help you to determine what is relevant to your industry and organisation – it will fast-track your efforts.
- An IT Legal Compliance Assessment, Gap Analysis, or Audit where we check your compliance with particular laws.
- A Compliance Action Plan, which contains what the specific organisation has done or is going to do to comply with IT Laws.
We often provide these offerings together for one fee, but we also offer them separately to provide you with the flexibility to follow the approach that suits you. Some people just want the workshop, others just the framework or list.
IT Law Subscription
We also offer the list and the framework on a subscription basis (monthly or annual), which entitles subscribers to updates, and discounts on workshops and publications. Email us to ask for a quote.
How they fit together
IT compliance has become codified in the IT Governance chapter in King III. King III says that companies “must comply with all applicable laws”. When considering such compliance, “the board should ensure that all IT related laws, rules, codes and standards are considered”. Many of our clients don’t know what these “applicable…IT related laws, rules, codes and standards” are. So we have put together the List of IT laws to tell you what they are.
Once you have these laws, what do you do next? We have developed an IT Legal Framework that will help organisations apply IT GRC in a practical way to real issues and comply with IT laws. We use it as a control tool for the various IT legal audits we conduct and have recently made it available to clients who want to use it as a tool themselves. Often our clients use it together with a Compliance Action Plan.
The IT GRC workshop is a key element because this is where we apply our knowledge and experience to your specific circumstances. This is where we:
- Do a high-level assessment of your organisation
- Help you to work out which IT laws, rules, codes or standards are relevant to you
- Help you to identify your big issues
- Help you to evaluate and assess compliance with external legal and regulatory requirements related to IT
- Explain the List of IT Laws and IT Legal Framework and help you to determine the relevance of them to your organisation
- Demonstrate how to use the documents
- Create an awareness of the legal aspects of IT GRC
- Transfer skills and knowledge to your organisation so that you can use the List of IT Laws and IT Legal Framework.
Larger organisations often want us (as an independent external professional legal adviser) to conduct a compliance audit in addition to the workshop.
Benefits of IT compliance
Following our approach helps you to:
- reduce your legal risk profile;
- demonstrate the application of King III™ and COBIT;
- implement current best practice;
- manage the risks of non-compliance;
- avoid legal problems, difficulties, and disputes;
- keep your board informed of relevant IT laws, rules, codes and standards.
How we help you with IT Compliance
We will help you to:
- Identify what IT laws, codes, standards and best practices are relevant to you
- Determine their impact on you
- Fast track your compliance efforts
- Get clarity on where you are and where you need to be
- Find solutions to fill gaps – determining what solutions you need
- Prioritise your next steps.