GENERALLY ACCEPTED INFORMATION SECURITY PRACTICES AND PROCEDURES FOR POPI
POPI requires responsible parties to implement generally accepted information security. ISO 27001 is an internationally standard widely recognised as the reference for generally accepted information security practices and procedures. ISO 27001 requires that organisations establish, document, implement and maintain an information management system to protect personal information.
This 2 day course provides delegates with an understanding of the International Organisation for Standardisation’s (ISO) standard for information security management – ISO 27001. Delegates will learn about the integrated process approach for information security management and how to extend their current activities in line with international standards.
The Protection of Personal Information Act requires that effective information security be implemented and continuously improved. An ISO 27001 information security management system (ISMS) ensures that the information security strategy and practices are aligned with the enterprise’s business needs and strategic goals regarding privacy. An appropriate implementation of ISO 27001 will assist responsible parties demonstrate their commitment to have properly addressed the POPI requirements.
Participants will gain an understanding of the ISO 27001 standard, its requirements and how to correctly implement an information security management system for POPI. On completion of this seminar participants will be able to:
- Demonstrate an understanding of the ISO 27001 specification for Information Security Management and its application to satisfy the Protection of Personal Information Act
- Communicate the requirements for ISO 27001 standard
- Plan the implementation of an ISO 27001 management system in accordance with the needs of the POPI Act.
- Assist an organization implement the ISO 27001 requirements for information security management
- Assess the extent an organization adheres to the ISO 27001 specification and fulfils the POPI Act requirements.
Participants will learn through discussion and practical examples how to design and implement information security in accordance with the ISO 27001 requirements for information security management and the Protection of Personal Information Act.
This seminar includes topics about:
- Overview of the ISO/IEC 27001 specification
- The scope and purpose of an information security management system in the context of the POPI Act
- Defining an ISMS policy and framework for setting objectives, risk management and regulatory compliance
- Understanding an organization’s information security requirements for compliance with the POPI Act
- Developing and implementing an information security management system to fulfil the requirements of POPI
- Adopting a process approach for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an organisation’s ISMS.
- Using the “Plan-Do-Check-Act” (PDCA) model for the continuous improvement of information security
- Implement and operate the generally accepted organisational and technical controls to manage an organization’s information security risks in the context of the organization’s overall business risks and the requirements of the POPI Act
- Monitor and review the performance and effectiveness of information security management for the POPI Act
- Evaluate the technical and organisational measures against the requirements of the POPI Act
- Continually improve information security to satisfy the requirements of the POPI Act.