Cibecs

Data backup & recovery blog

Corporate Governance Compliance Checklist – Data Protection

By Natasha | February 14, 2012 @ 12:54 pm

Data Protection & Compliance Checklist for Business IT

Compliance & Legalities around Data Protection for Businesses

Corporate Governance Compliance and the requirements around Data Protection have become increasingly important to businesses globally due to the consequences of being non-compliant, as well as the often devastating results of data loss, data theft or unauthorized access to confidential files.

Data protection and effective data management are often interpreted as an insurance policy; however, as enterprises become aware of the multiple productivity and cost-saving benefits of employing an effective data protection solution, this perception is shifting.

Data loss in organizations is also becoming an increasingly prevalent problem, with over 50% of companies losing data in 2011.

2011 Data Loss Statistics

Data protection and Corporate Governance Acts and Requirements can be long and difficult to digest, and it can be complicated to drill them down to actionable items and to see immediate business benefits. However, without securing & protecting your company data, the personal and organizational consequences can be detrimental.

There are certain requirements & guidelines that all companies must follow:

Improved Govt IT systems = improved service delivery

By Brandon | January 24, 2012 @ 1:26 pm

The latest auditor-general report (on National Audit Outcomes) cited the lack of adequate IT systems across government as a key obstacle to service delivery.

Failings highlighted include:

  • a lack of IT service continuity planning
  • inadequate controls in terms of user-access management
  • insufficient security management systems
  • a general lack of IT governance compliance

In short, the auditor-general (AG) found that practically none of South Africa’s national government departments and public sector entities have sufficient IT systems in place.

Corporate Governance Compliance and Data Protection

By Natasha | October 28, 2011 @ 1:23 pm

Data Protection & Corporate Governance Compliance in South Africa

Compliance & Legalities around business Data Protection in South Africa

Protecting data correctly and effectively is a paramount business continuity imperative. Not only do organizations with ineffective data protection strategies face the immediate costs and productivity interruption of data loss, they also leave themselves vulnerable to data theft and unauthorised access to confidential files, and are liable for legal penalties and criminal consequences due to failed corporate governance compliance.

Responsibility for protection of data cannot be left as IT’s problem: stewardship and buy-in are required at an executive level to avoid negligence, prevent reputational damage and implement a solution that addresses areas of vulnerability.

The reality of data mismanagement is increasingly consequential. Failure to address your organization’s risks with urgency only increases exposure and the probability of suffering financial and legal penalties.

Often, however, Acts and Reports are long-winded, making them difficult to digest and complicated to drill down to tangible, actionable items. Yet without securing your data and ensuring that your data protection covers all the bases, the personal and organizational consequences can be detrimental.

We’ve broken down the main Acts and Reports pertaining to data protection in enterprise environments and placed them in the table above as an easy reference. There are certain guidelines & requirements that all companies must follow:

HIPAA Compliance | Simplify with data protection

By Natasha | August 4, 2011 @ 10:30 am

Easier & Ensured HIPAA Compliance

HIPAA compliance | Protecting the Privacy of ePHI – effective user data backup

For an introduction to HIPAA read our comprehensive blog on HIPAA compliance

In order to prevent unauthorised access to private information, Health Care institutions need a reliable endpoint data backup software security solution.

Data that isn’t effectively protected is left vulnerable to data breaches and data loss, negating any attempts at data privacy and resulting in HIPAA non-compliance.

Loss of user data is a pervasive security problem among global companies, according to a survey released by Ponemon Institute and Vontu, a San Francisco-based provider of data loss prevention products.[1]

According to the survey, which queried nearly 500 information security professionals, eighty-one percent of companies reported the loss of one or more laptops containing sensitive information during the past 12 months.

Lost data can result in:

  • Access to confidential PHI by unauthorised parties
  • Reputational damage
  • Compliance consequences
  • Legal action

The kind of user data protection solutions required to protect health care data in the modern, mobile world are endpoint-device focused – developed ‘from the ground up’ to provide IT with a simple, reliable and rapid response tool to secure, back up and recover data from laptops, desktops and other devices.

HIPAA Compliance in Enterprises

By Natasha | August 4, 2011 @ 9:57 am

HIPAA compliance: An introduction to how enterprise endpoint data backup software simplifies HIPAA compliance

Understanding HIPAA requirements

HIPAA compliance is a legal imperative for all health plans or health care providers who transmit health information in electronic form. Failure to comply with HIPAA regulations results in financial penalties, legal action and reputational damage.

One of the most actionable aspects of HIPAA is effective protection of patient data. Not only can an organization implement solutions that address data security, but tangible operational benefits can be derived from these solutions, while removing the risk of data loss or data breach and the resulting failure to comply with legislation.

HIPAA covered Entities require the following four basic foundational benefits, in accordance with compliance needs, from a data protection solution:

  • Centralized control of organizational data
  • Automated, simple & secure data backup
  • Fast & reliable data recovery
  • Data reporting for simpler audits and compliance reviews

8 Winning strategies for endpoint data continuity: # 7

By Natasha | July 13, 2011 @ 10:40 am

Gaining operational value from compliance

Having an endpoint solution that ensures GRC and compliance is increasingly important due to stringent regulations and the legal consequences that can result from negligence. An organization’s inability to comply often leads to reputational damage and can mean serious consequences if confidential data is lost and accessed by unauthorized parties.

Cibecs addresses Corporate Governance compliance by:

  • Ensuring end user data is protected
  • Providing the company’s Board with the ability to demonstrate a policy-based, fully automated solution that ensures protection and archival of their business-essential user data.
  • Encrypting data in the backup process, thereby controlling access to information and ticking another governance and compliance box

Cibecs enables a company to report on backup activities, thereby demonstrating that the company is proactively addressing the risks associated with loss of data and critical business information.

Turning corporations into Kingdoms: GRC and Data Backup

By Brandon | May 6, 2011 @ 6:01 am

King III Requirements in South Africa and Business Corporate Governance considerations

This post is an overview of King III Requirements in South Africa

King III Compliance Legislation

Compared to the 800-pound legal gorilla called the Sarbanes-Oxley Act, King III comes across as something of a softie in the world of corporate governance. It’s not legislated and therefore not enforceable. Moreover, it takes the mild stance of “apply or explain” over “do or else”. However, a deeper inspection reveals a subtle and intelligent approach to ensuring its adoption.

Kongfused about King III?

By Natasha | April 19, 2011 @ 9:15 am

To many companies, GRC (governance, risk and compliance) is a giant ape scaling the office walls.

As technology becomes more pervasive and critical to business success, the hairy creature that is GRC also gains in complexity. Legislation surrounding various aspects of corporate governance, especially the management of business-critical and personal data, further adds to the risk mix that companies are exposed to.

South African Judge Mervyn King identified this exposure and has, since 1994, led the way in establishing an (internationally recognized) benchmark by which boards of directors could measure their compliance in all aspects of business.

The King III Report is his latest offering, with a greater focus on IT governance – separating the “information” and “technology” components to assist companies in managing this critical business component.

According to the report, “The board should understand the strategic importance of IT, assume responsibility for the governance of IT, and place IT governance on the board agenda.” King III strongly emphasises the point that, when it comes to GRC, a company’s board of directors can delegate GRC responsibilities and functions but, ultimately, remains accountable for it.
