Information Security Solutions & Services

Governance Risk & Compliance

GRC is the integrated collection of capabilities that enable an organisation to reliably achieve objectives, address uncertainty and act with integrity.

GRC represents the capabilities that integrate the governance, management and assurance of performance, risk and compliance activities.

GRC is viewed as an integrated collection of all the capabilities necessary to support Principled Performance; rather than burdening the business, it supports and improves it.

Our model to help organisations achieve compliance:

ISO27000 Series Implementation

ISO/IEC 27001:2013 (also known as ISO27001) is the international standard that sets out the specification for an ISMS (information security management system). Its best-practice approach helps organisations manage their information security by addressing people and processes as well as technology.

Independently accredited certification to the Standard is recognised around the world as an indication that your ISMS is aligned with information security best practice. Part of the ISO 27000 series of information security standards, ISO 27001 is a framework that helps organisations “establish, implement, operate, monitor, review, maintain and continually improve an ISMS”.

  • Hosi Technologies can help your organisation understand ISO 27001 accreditation and achieve certification with a range of solutions to support your project.
  • We can help you achieve ISO 27001 certification quickly and hassle-free with our DIY packages, internal audits, managed services and more.

POPI Act Implementation

The Protection of Personal Information Act (or POPI Act) is South Africa’s equivalent of the EU GDPR. It sets some conditions for responsible parties (called controllers in other jurisdictions) to lawfully process the personal information of data subjects (both natural and juristic persons). The POPI Act does not stop you from processing and does not require you to get consent from data subjects to process their personal information. Whoever decides why and how to process personal information is responsible for complying with the conditions. There are eight general conditions and three extra conditions. The responsible party is also responsible for a failure by their operators (those who process for them) to meet the conditions.

The POPI Act is important because it protects data subjects from harm, like theft and discrimination. The risks of non-compliance include reputational damage, fines and imprisonment, and paying out damages claims to data subjects. The biggest risk, after reputational damage, is a fine for failing to protect account numbers.

The biggest impact is on organisations that process lots of personal information, especially special personal information, children’s information, and account numbers. The most affected industries are financial services, ecommerce, online payment, healthcare, and marketing.

What is the POPI Act timeline?

POPIA commenced on 1 July 2020, giving you a 12-month grace period to make your organisation POPIA compliant by the deadline of 1 July 2021. POPIA is regulated by a new Information Regulator; within your organisation, your Information Officer is the key person responsible for ensuring compliance.

POPIA Consulting

We are currently helping hundreds of organisations comply with the POPI Act.

  • POPIA Implementation
  • POPIA Awareness workshop
  • POPIA Audits

PCI Compliance

Hosi Technologies helps organisations with the Payment Card Industry Data Security Standard (PCI DSS), which applies to companies of any size that accept credit card payments. If your company intends to accept card payments and to store, process or transmit cardholder data, you need to host that data securely with a PCI DSS compliant hosting provider.

  • Hosi Technologies helps IT executives and IT decision-makers who need a primer, as well as up-to-date information on PCI compliance best practices and specific technology recommendations, including cloud-based PCI compliant hosting options.

IT Security Policies

An Information Technology (IT) security policy identifies the rules and procedures for all individuals accessing and using an organisation’s IT assets and resources. An effective IT security policy reflects the organisation’s culture, in which rules and procedures are driven by its employees’ approach to their information and their work.

  • Hosi Technologies helps organisations develop effective IT security policies. These are unique documents for each organisation, cultivated from its people’s perspectives on risk tolerance, how they see and value their information, and the level of availability they maintain for that information.
