Assessment focuses on conditions of POPI Act
The service, accessible through a secure portal, takes an organisation through a series of questions that address all the principles and conditions defined in the Protection of Personal Information (POPI) Act.
By working through the six distinct assessment areas, businesses will gain a greater understanding of the expectations of the Act and where they currently are in relation to the controls required around the collection and processing of personally identifiable information.
The POPI Impact Self-Assessment service takes an organisation through a methodical, step-by-step process and assesses it against the specific requirements of the Act, covering how, when, what and why the organisation collects and processes personally identifiable information.
Key aspects of Act
Rather than expecting the respondent to have read the Act in its entirety and to interpret what is required, 4Di Privaca have designed a set of questions that the average business person can understand. The assessment addresses all the key aspects of the Act, with over 150 easy-to-answer questions and examples of the practical controls that are needed to address the requirements of the Act.
Each question has a description of the expected control, and there is a facility to reach out to experts if the organisation taking the assessment is unclear about exactly what is required by the specific control the question references.
Designed to be completed in a few simple steps, with the flexibility to pause and return to the assessment, the service allows businesses to work through the process of gaining a greater understanding of where their risk exposures are when it comes to complying with the Act.
At the completion of the assessment, the respondent is provided with a detailed report on the current risk exposures, how compliant the organisation is in terms of a percentage score, and remediation recommendations on how the organisation can review its broader business practices to ensure that it collects and processes personally identifiable information in a way that complies with the Act.