An increasing number of small and medium-sized enterprises (SMEs) are benefiting from information security and privacy professional services firm 4Di Privaca’s Protection of Personal Information (PoPI) Impact Self-Assessment service tool, says company CEO Drew van Vuuren.
Launched in October last year, the tool helps SMEs gain a greater understanding of the extent to which they must comply with the PoPI Act regarding the collection and processing of clients’ personally identifiable information by working through the six distinct assessment areas outlined by the tool.
“The PoPI Act was promulgated in November 2013 and, since then, organisations have been racing against the clock to take reasonable steps to comply with it,” says Van Vuuren.
He adds that the service, accessible through a secure online portal, takes an organisation through a series of questions addressing all the principles and conditions defined in the Act.
“The . . . tool . . . assesses the organisation against the specific requirements outlined in the Act, as well as how, when . . . and why organisations collect and process personally identifiable information,” explains Van Vuuren.
He adds that, rather than expecting the respondent to have read the Act in its entirety in an attempt to interpret what is required, 4Di Privaca’s questions have been designed to be easily understood by the average businessperson.
Key Aspects
The assessment addresses all the key aspects of the Act, with more than 150 easy-to-answer questions and examples of the practical controls needed to meet the requirements of the Act, says Van Vuuren.
Each question has a description of the expected control measure that needs to be implemented. The tool also features a facility that enables users to communicate with experts to gain a clearer understanding of the requirements of the particular facet of the Act highlighted in the question.
“Designed to be completed in a few simple steps, with the flexibility to pause and return to the assessment, 4Di Privaca’s tool was created to enable businesses to work through the process of assessing where their risk exposures are in terms of PoPI compliance.”
Once a company completes the PoPI impact assessment, it is provided with a detailed report on its current risk exposures.
This report indicates how compliant the organisation is in terms of a percentage score, and provides remediation recommendations on how the organisation can review its broader business practices to ensure that it conducts the collection and processing of personally identifiable information in a way that ensures compliance with the Act, concludes Van Vuuren.