An information security audit is growing in importance. Organisations have a keen appreciation that information has value, which people are prepared to pay for (hence the increase in identity theft, industrial espionage, etc.).

What is included in an Information Security Audit?

All companies have a legal obligation to address information security issues and the challenge is to identify precisely what they are obliged to do and what the scope of their legal obligations are to implement information security measures. This is going to become particularly important once the Protection of Personal  Information Act (POPI) commences. POPI is the South African data protection law.

We do not offer an audit on how technically good your information security measures are. We offer an Information Security Legal Audit where we audit your compliance with the information security laws that apply to you. For more about our approach and deliverables read more about our general comprehensive IT Legal Audit.

Why IT Policies are an Important Organisational Measure

Information security is done by taking appropriate, reasonable technical and organisational measures. Organisational measures include IT policies, which are essential in:

  • minimising exposure to vicarious liability,
  • assisting protect trade secrets, confidential and proprietary information,
  • document and support compliance with laws,
  • provide evidence needed for legal proceedings, and
  • probably most importantly, help avoid allegations of negligence.

We audit your IT policies as part of doing an Information Security Legal Audit.


If you are interested, please complete the form on the right or enquire now. We will contact you to find out more about your requirements and give you a quote.

You can also read more about our legal compliance offerings and the other compliance audits we offer. We also offer a workshop on Information Security law.