Compliance and recovery

February 2014 Security Services & Risk Management

Hi-Tech Security Solutions: Corporate governance is a confusing topic. We have good guidelines as to how companies should be managed from the King Commission, but how do companies actually implement good governance without breaking the bank?

Darren Johnson: Corporate governance is essentially a set of rules or best practices adopted by an organisation that should, in essence, guide the board of directors and management’s decisions with regard to an organisation’s policies, procedures, strategies, etc.

There is however, both a financial and time cost implication often associated with corporate governance. Organisations must often employ individuals, or even entire teams, to ensure that these rules and practices are being abided by and, if mandated by the regulatory bodies, spend countless man-hours reporting on these matters.

Furthermore, this cost is often seen as wasteful or unnecessary by business and shareholders alike, however this ‘second line of defence’ is designed to ensure the long-term sustainability of the organisation in addition to protecting the organisation and its stakeholders from exposure to reputations damage, financial losses or even financial penalties.

Naturally, as with all facets of the organisation, efficiency is the name of the game and organisations must often balance the cost of governance with profitability. Organisations can optimise this through employing the right people for the job, ensuring policies and procedures are up to date and adhered to, or by creating a good corporate citizen culture throughout the organisation.

Hi-Tech Security Solutions: Tell us what the crucial aspects of corporate governance are that businesses today need to implement from a regulatory as well as from a performance perspective.

Darren Johnson: Organisations need to be profitable as well as be good corporate citizens. The result is that organisations are addressing governance – and ultimately their economic, social and environmental sustainability initiatives – through the implementation of performance and measurement programmes, such as historic and real-time reporting, post mortem assessments of governance issues, enforcement of organisational policies, assessing compliance against those policies, creating governance awareness, forecasting and re-modelling of governance issues and measures based on performance results, etc.

There is also a drive for the consolidation of governance related processes, such as incident and problem management across disciplines such as information security, business continuity and information privacy to manage the risk exposure of the organisation centrally to reduce legal, regulatory, financial and reputational impacts of incidents to ensure the resumption and sustainability of the organisation following an incident.

Hi-Tech Security Solutions: And let’s not forget the elephant in the room, 2014 is the year PoPI starts making directors nervous. What are companies doing about this new set of laws?

Darren Johnson: Organisations are assessing their current capability against the PoPI requirements in order to determine gaps and remedial actions. To remedy these gaps, organisations are implementing privacy programmes which include the implementation of, and not limited to, the following:

* Privacy management systems and structures.

* Data loss detection and prevention programmes and systems.

* Data and system classification standards.

* Document management systems and standards.

* Record retention programmes and standards.

* IT controls to enforce privacy policies and standards.

* Monitoring and filtering controls that manage the flow of information.

* Document and data inventories.

For more information contact ContinuitySA, +27 (0)11 554 8050,,


Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Stolen credentials on the Dark Web
October 2019 , Cyber Security, Security Services & Risk Management
Over 21 million credentials belonging to Fortune 500 companies, 16 million of which were compromised during the last 12 months, are up for sale.

Stolen credentials on the Dark Web
October 2019 , Cyber Security, Security Services & Risk Management
Over 21 million credentials belonging to Fortune 500 companies, 16 million of which were compromised during the last 12 months, are up for sale.

Vodacom and SAPS launch MySAPS mobile app
October 2019 , Security Services & Risk Management
Vodacom, in partnership with the South African Police Service, will empower citizens to contribute to their own safety as well as the safety of their communities through the newly launched MySAPS app.

Enterprise security must change
October 2019 , Cyber Security, Security Services & Risk Management
The recent wave of cyberattacks against local banks has highlighted the importance of protecting data against malicious users.

Drones improve risk management
October 2019 , Security Services & Risk Management
Indwe embraces drone technology to help improve risk management and optimise insurance.

Body-worn cameras transforming security
October 2019 , CCTV, Surveillance & Remote Monitoring, Security Services & Risk Management
Police Service Northern Ireland now has over 7 000 officers using 2 500 cameras covering approximately 173 000 incidents each year.

Protecting your customers’ data
October 2019 , Training & Education, Security Services & Risk Management
Simon Murrell, head of development and executive director at BrandQuantum says companies need to protect their customers from identity theft and data breaches.

Edwards Public Address & Voice Alarm System
October 2019 , Security Services & Risk Management, Products
Carrier has added the Public Address & Voice Alarm (PAVA) range to its fire product offerings.

ContinuitySA offers ISO 22301 Lead Implementer course
October 2019, ContinuitySA , Training & Education, Security Services & Risk Management
ContinuitySA is once again offer its five-day Certified ISO 22301 Lead Implementer course on 18-22 November 2019 at the company's Midrand facility.

Preparing your data for PoPI
September 2019 , IT infrastructure, Security Services & Risk Management
When it comes to protecting any information, the way data is secured across the value chain needs to be addressed.