IT legal compliance assessment, gap analysis or audit

IT legal compliance has become very important. Information Technology (IT) is probably ubiquitous in your organisation and you probably depend on it. IT has enabled us all to do great things. But while using it, we must comply with the laws that relate to it. Ensuring that your organisation complies with IT laws, rules, codes and standards (including POPIA) is an onerous and overwhelming task. IT laws deal with intangible concepts (like data messages) and require knowledge of both the law and ICT. If you feel overwhelmed, you are not alone.

We have been helping organisations with IT compliance for over fifteen years. We have developed a great offering that can help you comply in an effective and practical way. Many organisations use our offering to complement their existing compliance activities (which are usually significant).

We can assist you by doing an IT Legal Compliance Assessment, Gap Analysis, or Audit. There are many good reasons to do and benefits to be gained by doing one of these. They essentially serve to highlight IT governance, risk and compliance (IT GRC) issues across a wide variety of areas, all of which need to be mitigated and addressed.

The building blocks of IT Legal Compliance

We have grouped the issues under main categories:

• Protection of Personal Information Audit (to check whether you comply with POPIA)
• Intellectual Property (to identify, protect and enables exploitation of your valuable IP)
• Electronic Process (to ensure that an automatic or electronic process is lawful and binding)
• Plain Language Document (we check your existing documents and where necessary convert existing documents into plain language without losing legal effect or weakening your rights)
• Social Media (will establish the current state of affairs regards social media and your organisation)
• Website (we ascertain the extent to which the organisation’s website complies with applicable law)
• Monitoring (to check that you are monitoring communications lawfully)
• Electronic Communications and Transactions (to ensure the legality of transactions that you conclude electronically (including contracting by email and SMS), the legal issues around electronic VAT invoices and email)
• Information Sensitivity (to identify what “sensitive” information you possess, what laws apply to such information and how to restrict access to and handle it)
• Document Imaging (to check the organisation’s document imaging practices)
• Access to Information (to check compliance with access to information or freedom of information laws)
• IT Goods or Services (the acquisition, management and disposal of IT goods and services)
• Information Security (to check your compliance with information security law)

Our general approach to IT Legal Compliance assessment, gap analysis or audit

At a high level, we follow the following approach :

1. We assess where you (especially your IT environment) currently are – we do this by assessments and questionnaires – having done this for many years now we know what questions to ask.
2. We determine the IT laws that apply to your organisation – identify risks and threats
3. We then determine the gap between your reality and your compliance – by conducting a gap analysis and risk analysis
4. We then recommend solutions that you can implement in order to comply – an Action Plan

The Deliverables

The deliverable is an IT Legal Audit Report that includes:

• a List of IT Laws and our IT Legal Framework,
• A GAP analysis report – including a level of maturity rating in different areas and an overall legal risk status, and
• A Compliance Action Plan