Consolidating divergent compliance requirements
Penalties for non-compliance with just one of the Acts that are currently being effected could be disastrous for organisations, which have a myriad of governance, compliance and risk requirements to meet. They find themselves trying to mitigate risks alongside technological advancements and legal requirements while remaining compliant with The Financial Intelligence Centre Act (FICA), The Regulation of Interception of Communications and Provision of Communication-Related Information Act (RICA) and The Protection of Personal Information Act (POPIA). Can compliance with these Acts be synchronised through a single compliance programme? Or does each require its own checks and balances?
ITWeb Events spoke to Gideon Bouwer, cyber law and criminal law forensics specialist, about his topic at the ITWeb Governance, Risk and Compliance 2018 event, titled "Integrated compliance to consolidate divergent compliance requirements and eliminate duplicate controls". The event will take place at Summer Place, Hyde Park, on 20 February.
ITWeb: How does one create integrated compliance to consolidate divergent compliance requirements and eliminate duplicate controls?
Bouwer: This can be done through the development of one single compliancy policy that addresses all the divergent compliancy requirements and centralising relevant data.
ITWeb: What are some of the benefits of having integrated compliance?
Bouwer: An integrated compliance policy can minimise, and even eliminate, duplicate controls. It results in the centralisation of data and prevents unintentional data loss. It also forms part of an essential cyber security framework.
ITWeb: How can FICA, RICA and POPIA compliance be synchronised?
Bouwer: FICA, RICA and POPIA compliance can be synchronised through an analysis of regulatory requirements and identifying requirements that are the same or similar in nature. One then needs to develop and implement a policy that simultaneously complies with these duplicate requirements.
ITWeb: What top three key points would you like to leave the delegates with from your upcoming presentation?
Bouwer: I would like to leave the delegates with a summary of what regulatory requirements are duplicated in different regulatory regulations. I also would like for them to have the capacity to develop an integrated IT policy to consolidate divergent compliance requirements and eliminate duplicate controls. And lastly, I would like to provide a practical understanding of relevant regulatory requirements and how these apply to the relevant industries.