What is compliance?
Compliance is undertaking activities or establishing practices or policies in accordance with the requirements or expectations of an external authority. In South Africa, the public and private sectors need to comply with legal and regulatory requirements such as the POPI Act (Privacy of Private Information), the Public Finance Management Act, the Regulations for the Interception of Communications Act and the Electronic Communications and Transactions Act.
It is important to understand your organization's legal requirements so that you can have a proper discussion with your vendor about your technical solution requirements.
Apart from the legal requirements, it is always important to remember that three aspects are involved, namely people, process and technology. Take all three into consideration before you decide on technology.
Not all of the requirements may be applicable to your organization, but many are standard. We will assist you with these requirements on request.
Based on these legal and regulatory requirements, information systems need to be able to provide the following functionality:
- Risk and Vulnerability Assessments.
- Control and manage changes on servers, databases and network devices.
- Ensure corporate policies are adhered to by deploying a Policy Management Tool, and add a test to confirm that the end user has read and understood the policy.
- Vulnerability assessments – Ensure assessments are done and reports are provided so that compliance requirements are met.
- Encryption of critical data.
- Management and control of changes to servers, databases and network devices.
- Comply with regulatory requirements for log data collection, analysis, reporting, archives and retrieval.