Print
ICT Legal Framework
01/11/2009 – 1:35 pm by Lance MichalsonHistory of the Framework
In 2002 Michalsons started developing an ICT Legal Framework document as a control tool for use by us when conducting our ICT Legal Audit. “ICT” stands for “information, communication and technology” - see the article “What is ICT?”
Our ICT Legal Framework was developed in response to the promulgation of various laws relating to ICT that impacted on a company’s business to a greater or lesser extent. In many instances action was taken e.g. the company developed a Manual in response to the Promotion of Access to Information Act and an email disclaimer was put in place. However, there remained, and still remains, a lack of certainty amongst senior management on what needs to be done in order to gain comfort that the company has taken adequate steps to be appropriately positioned in relation to the requirements of the various ICT laws that have been enacted. Read our post “Has Parliament gone mad?“. For a list of some of the ICT laws, click here.
This has become particularly important since the passing of King III in September 2009 which specifically states that:
- “companies must comply with all applicable laws” principle 6.1(1)
- “when considering the company’s compliance with applicable laws, the board should ensure that IT related laws, rules, codes and standards are considered” - principle 5.5(33)
- “Effective IT frameworks … should be implemented with a view to:
- minimize risk,
- deliver value,
- ensure business continuity, and
- assist the company to manage its IT resources efficiently and cost effectively.” - Principle 5.3
The ICT Legal Framework assists companies comply with ICT law
Our Framework therefore assists companies comply with ICT law aspects of King 3 from a governance, risk and compliance (GRC) perspective.
Compliance Tool
Consideration of these issues has prompted the decision in many companies to identify an appropriate expert partner to assess their risks in this regard, and to produce a strategy that would enable the company to properly position itself in relation to South African law so as to best protect the interests of the company. On several occasions, Michalsons has been selected as that partner, and has successfully implemented one or more of our ICT Legal Audits. During those audits we have used the ICT Legal Framework as a control tool.
The ICT Legal Framework has been developed with the CobIT approach to “Legal Compliance” in mind and we endeavour to provide an assessment of your level of maturity.
Whilst the ICT Legal Framework was, and still is, used by us as an internal control tool by us during our ICT Legal Audits, it has also expanded into a standalone product which is being used by several of our clients as a “compliance tool” to address the risks posed by the use of technology in organisations, provides solutions which ensure compliance with South African legal requirements and implements best practice where sound business practice, rather than a legal requirement, dictates that the risk be addressed.
- Log in on the right if you have already registered OR
- Register now if your are an existing Michalsons Client and we will notify you by email once access has been approved after we have authenticated you.
We append below a limited extract of 1 of the 17 risk / compliance areas (procurement) by way of example.
If you would like more information about the ICT Legal Framework or a quote, please email info@michalsonsattorneys.com.
Similar Posts:
- Reasons for conducting an IT Governance Legal Audit
- Comply with the ICT laws that apply to you
- Draft and Review Information Security Policies
- Privacy and protection of personal information services
- Michalsons Information Security Policy Framework
Sorry, comments for this entry are closed at this time.