Are you looking for an IT Legal Framework that will help your organisation monitor, evaluate and assess compliance with the regulatory requirements related to your information technology? Are you looking to address the legal aspects of IT Governance, Risk, and Compliance (GRC) in a practical way to real-world issues?

Our Michalsons IT Legal Framework translates the law into what you must do to comply with it. It helps you to apply the law to your specific organisation in a practical way, following a risk-based approach. Some people call it an IT Compliance Framework, but we prefer legal because it deals with governance, risk and compliance. For each regulatory requirement, we provide you with guidance.

  • A description of the regulatory requirement.
  • The risks of non-compliance.
  • The law or regulation from where the requirement comes.
  • Our recommendations on what to do to comply.

How do you benefit from the Michalsons IT Legal Framework?

  1. Reduce your legal risk profile.
  2. Demonstrate the application of the IT governance and compliance aspects of the King Code and COBIT.
  3. Implement current best practice.
  4. Manage the risks of non-compliance.
  5. Avoid legal problems, difficulties, and disputes.
  6. Keep your board informed of relevant laws.

Many organisations have used the framework with great success

We have put all our knowledge, experience and insight about IT Law into this one document so that you address the important things. This is a legal framework that assists organisations to do the following with their information, communications and technology (ICT):

Who should use the IT Legal Framework

  • IT Governance officers and specialists – to govern IT
  • Compliance officers – to effectively comply with IT laws
  • Information officers – to balance access to information and protection of personal information
  • Legal advisors (corporate lawyers or in-house lawyers) – to provide good legal advice on IT issues
  • Information Security Officers (including CISOs) – to secure IT
  • CIOs and IT Managers – to manage IT
  • CAEs, auditors and assurance providers (internal and external) – to audit and provide assurance regards IT
  • CROs and Risk Managers – to address IT legal risks

“It is increasingly used as a vital reference tool by our internal audit team” – A financial services provider.

Who does it apply to?

This framework is for all organisations, including public and private bodies, profit and not-for-profit organisations, and organisations in all sectors.

We continually update the IT Legal Framework

We continually update the IT Legal Framework, having done so since 2002. Laws and risks change, and therefore the framework needs to be updated often. We are currently busy with the next major update.

What do you get?

The framework currently only covers South Africa. If you would like us to extend the framework to cover another country in addition to South Africa, please ask us for a quote.

You will receive a document in an editable format. We always strive to minimise the framework’s size by focusing on the most significant risks. In this way, we act as a filter for you, bringing only the most critical risks and controls to your attention.

Some people use a Compliance Action Plan together with the framework. The framework sets out the generic regulatory requirements that IT law requires every organisation to do. The action plan contains what the specific organisation has done or is going to do to comply with IT Laws. The framework and plan are separate but related documents.

Learn more about IT Legal Compliance