We assist companies in becoming compliant with national and international data protection laws such as POPI, GDPR and the US Privacy Shield.
We follow a meticulous process of first determining which, if any, data protection legislation, regulations or statutes are applicable to your organisation. We reach our conclusion by drafting an inventory of your corporate information assets. Once this inventory shows that your organisation is indeed subject to one or more pieces of legislation, regulations or statutes, we proceed to perform a legal assessment and gap analysis for you. During this process, we will identify the threat agent, threat motivation, vulnerabilities to be exploited, likelihood of an attack, as well as the potential impact a successful attack may have on your organisation.
Compliance with the latest IT-related Laws, Regulations, Standards & Codes such as:
- POPI Compliance
- PAIA Compliance
- GDPR Compliance
- US Privacy Shield Compliance
- Preparation of Compliance Processes & Toolkits
The Compliance & Toolkits Process involves:
- Performing an Initial Risk Assessment for Company
- Classification of information – Information Mapping
- POPI Security Risk Assessment: Physical Security Measures
- Security Risk Assessment: Technological Security Measures
- Security Risk Assessment: Procedural Security Measures
- Mapping current and potential threats to the company’s information assets
- Determining threat motivation
- Identifying vulnerabilities that may be exploited in the company specifically relating to corporate information assets
- Likelihood Determination
- Impact Assessment
- Risk Mitigation
IT POLICY DEVELOPMENT
We will assist you in reviewing, drafting and implementing all IT-related policies relevant to your company. All policies are written in plain, easy-to-understand language with as little legal jargon as possible.
We specialise in:
- Reviewing and Redrafting your company’s IT-Related Policies, Service Level Agreements, Terms & Conditions and Disclaimer
- Acceptable Use of IT in the workplace policy
- Bring your own device (BYOD) or personally owned devices policy
- Mobile technology policy
- Telecommuting policy
- Computer use policy
- Email use policy
- Internal facing privacy policies
- Internet use policy
- Social media policy
- Email archiving policies
- Electronic signature guidelines
- Access control policy
- Protection of Personal Information Policy or Data Protection Policy
- Monitoring or interception of communications policy
- Protection from Malicious Software policy
- Physical and environmental security policy
- User accounts and passwords policy
- Incident response policy
- Backing up of information policy
Although all the policies are written in plain language, each one takes into account the target audience for whom it is written. All policies follow a similar template, which makes it much easier for employees to understand and get to grips with them. All the policies furthermore contain the following unique elements:
- Each policy identifies a Champion for the policy, that is, a person who will act as the focal point for any inquiries regarding that specific policy.
- The policies spell out in no uncertain terms what employees are allowed to do and what actions are prohibited.
- The policy sets out the respective responsibilities for all relevant role players.
- The action Human Resources is entitled to take if a specific policy is not adhered to is set out clearly in each respective policy.
Review, redraft and amend (where necessary):
- existing website terms and conditions;
- existing disclaimer
We provide legal opinions relating to IT legislation, policy and legislative developments in any of the following focus areas:
- Online Privacy and Data Protection
- IT Governance
- Data Retention
- Intellectual Property in Cyberspace
- Data Destruction
- Electronic & Advanced Signatures Law
- Information Security Law
- IT Risk Management
- Social Media
- Online Contracts
- King IV
- US Privacy Shield
- Artificial Intelligence
- Drones & the Law
- IT Law & Job Applicants
- IT Policies in the Workplace
- Electronic Communications and the Employer-Employee Relationship
- Internet Law
AWARENESS & TRAINING
Our staff members are all professional speakers who have spoken at hundreds of international and national conferences, seminars, lectures and workshops. Our speakers present with ease to small groups of people as well as to as many as 900 delegates.
- Board and top management briefings – We know that the success of any project begins and ends with buy-in from top management. We furthermore believe that a well-informed board and management will be able to make the correct decisions, especially regarding such a dynamic subject matter as information technology and cyberlaw. We therefore frequently address top management at executive meetings on a wide range of topics. Not only does the board have a fiduciary responsibility to keep abreast of the latest developments in their company, including in the domain of information technology, but it is only once they understand the impact this discipline has on their company as a whole that they will be able to make informed decisions.
- We realise that breeding a data protection and specifically information security culture within the company requires the education of a wide range of employees, ranging from mid-level management to call centre staff members.
- A major distinguishing feature of how Securance operates is that we come to you. You and your staff therefore do not have to waste valuable time being stuck in traffic. We have also found that employees feel more comfortable engaging with speakers and asking questions when they are in an environment they feel comfortable in.
- Guest speakers – We are often asked to be speakers and panellists at conferences and workshops around the world, covering different topics relating to our focus areas.
We have found that the most popular requests for speaking engagements are in the following areas:
- POPI Compliance;
- GDPR Compliance;
- The Legal Implications of Information Security Law;
- IT Governance;
- King IV;
- The Transfer of information outside the borders of South Africa;
- “Tweet now pay later” The Legal consequences of social media network postings;
- Data Protection;
- Online Privacy;
- Access to Information;
- Online Contracts;
- Advanced Electronic Signatures;
- Cybercrime Bill;
- Liability of the ISP;
- Cloud Computing.
Drafting and Reviewing IT-related legal documents such as:
- Service Level Agreements
- Online Contracts & Agreements
- Confidentiality Clauses
- Standard Binding Contracts
- E-mail Disclaimers
- Privacy Notices
- Hiring, employment contracts, termination issues and other employment issues from an IT-related perspective
- Preparation of forms and templates specifically relating to corporate information technology issues
INFORMATION SECURITY & DATA PROTECTION
Organisations face the constant threat of cyber-attack. Creating an effective cyber risk strategy to mitigate the risk of cybercrime is the only way to ensure your survival, but cyber security management can be complex and costly. With so many standards, best practices and technical controls to choose from, how do you get started on your plan?
We assist organisations in:
- Identifying and appointing an Information Officer or Data Protection Officer, depending on the jurisdiction in which they function;
- Performing an information assets inventory while simultaneously classifying corporate information assets;
- Performing risk assessments and making recommendations on risk mitigation;
- Drafting all physical, technological and procedural security policies required for the relevant organisation;
- Training all levels of staff on the content and consequences of these policies;
- Preparing the staff and management for what to do if an information security incident occurs, who to contact and what process to follow;
- Ensuring a corporate culture is built within the company where information is monitored and maintained on a continuous basis.