As more and more information is moved to more and more external destinations, companies face two major risks.
- The first is becoming targets for criminal activity.
- The second is failing to comply with changing government legislation and industry regulations that the PoPI act necessitates.
As a result, companies need far greater security and audit capabilities, especially over Internet-based data movement.
Do you know where your data is?
PoPI will significantly impact the way in which companies collect, store, process and disseminate information from and to clients, employees and customers. Given its scope, PoPI is set to affect every company, even those who only hold their own staff’s information.
The bill seeks both to support the right of South African citizens to privacy of personal information, and to bring South Africa in line with international data protection laws.
Section 19(3) of the PoPI Act of 2013 states that the responsible party must have due regard to generally accepted information security practices and procedures. These may apply to it generally or may be required in terms of specific industry or professional rules and regulations. In other words, ignorance is not an excuse.
As data movement grows within and between enterprises, it is becoming more important to effectively manage data transmission operations according to business priorities. Consequently, companies need secure data transfer and compliance mechanisms in place to move critical information both inside and outside of their organisations.
Old habits, new dangers
File Transfer Protocol (FTP) is a widely-used data-movement standard. It provides an unsophisticated and straightforward way to move files to and from remote platforms. However, unmanaged data movement can result in unproductive utilisation of network resources and unimportant or duplicate bulk data movement can impact critical data delivery.
There is, however, another possibly catastrophic set of security exposures that accompany the use of FTP. These, documented on the CERT website, include the ability to use standard FTP commands to create a denial of service situation, or exploit known vulnerabilities within the FTP daemons to gain administrative or root access.
The cost of complacence
If personal information is compromised, PoPI stipulates that the affected parties have to be notified immediately. FTP, like e-mail, is one of the long-standing staples of the technology sector that companies are going to have to look at closely if they’re to comply with PoPI and avoid the reputational, and potential financial, implications of breaches.
Person-to-person interactions are increasing and becoming as important to operational processes as applications are. Today, business users need to share many kinds of large files quickly and securely. As a result, there is no consistent way to deal with person-to-person file transfers, increasing the risk of exposing sensitive corporate data.
Knowledge of data movement and governance principles can help you help your business stay competitive. But, you may not be able to acquire this knowledge yourself because for most businesses, data management is incidental to their core business.
In that case, picking a suitably qualified partner to assist with PoPI compliance is essential. An appropriate partner is one that understands the importance of on-time, predictable and secure data movement and is able to select products that fit particular performance, management and security requirements.
Companies have a year to comply with PoPI. That’s far less time than it sounds like, particularly where complex business processes are involved. Those companies looking to remain ahead of the legislation, and their rivals, have already begun working towards achieving compliance. Shouldn’t yours be?
Innovative Business Solutions And Compliance
Compliance with certification is a strong way to demonstrate that you are managing your business proactively.
As a business owner, you are probably aware of where your business could improve. Sometimes a business owner would like to improve their business but is not sure how to begin. Therefore, it is of the utmost importance to develop an environment which will foster innovation and create key steps to improve your business while simultaneously trying to comply with all of the necessary legalities.
It is important for an entrepreneur to assess their situation first. Most business owners will ask the question: why? Why can’t everyone follow the same steps to success? Every business is different and unique. Therefore, before you start making changes within your business, it is a good idea to make sure you have a full understanding of the factors affecting your business success and whether you are complying with necessary legalities.
Compliance may actually improve performance by giving your business a competitive edge. Legal compliance can assist you with improving your customer relations, enhancing your reputation and most importantly avoiding the cost of legal proceedings.
“There’s this saying, ‘What gets measured gets improved’,” explains Charles Gaudet, founder and CEO of Predictable Profits, a consulting firm that offers advanced marketing techniques to entrepreneurs who are passionate about expanding their small businesses.
Here are a few strategies that you can use to make your business more profitable in the future.
Innovative Marketing solutions
For every business owner, marketing is an important tool to improve their businesses. You may think that you are missing an opportunity if you don’t jump right into attracting customers with some type of marketing message.
However, as quoted by John Rampton, “one of the best things you can do to achieve growth is to slow down and spend time studying the trends.” What does this mean? While rushing into marketing your product you tend to forget certain details, and once it is out in the public it’s difficult to forget or to undo. Therefore, it’s very important to research the market and consumer trends before launching anything.
This becomes very important when you consider the potential risk to your business for the infringement of another product, which is confusingly similar to your product. You also do not wish to be guilty of using a similar brand name, slogan or logo as one of your competitors. Therefore, before you set out your personalised solutions when designing ads and directing messages to consumers ensure you are not infringing on anyone else’s rights as this will likely lead to expensive legal costs for your business.
Compliance Breeds Confidence
It is important to remember that clients are concerned whether suppliers are properly compliant. Compliance with certification is a strong way to demonstrate that you are managing your business proactively and that the money a customer will spend in terms of buying your goods or services is in safe hands. Conversely, a failure in compliance can, as well as exposing you to the risk of regulatory sanctions, severely damage your business’ credibility.
For example, in the financial services industry there is an increasing requirement to demonstrate strong security to both external auditors and prospective customers.
With regulation that you feel is of no value, determine how to satisfy the requirements with the minimum effort necessary. Do, however, double check that you are not missing out on a benefit that may be rewarding for your business.
In conclusion, it is important to note that when improving your business one always needs to act in accordance with the correct laws and procedures. Therefore, if a company is embracing the difficult task of being compliant, I recommend using this as a competitive weapon to improve your business. It just might end up making you and your team better, which is usually rewarded with more business.
Policies and Procedures – A Critical Business Support Tool
No longer just an administrative burden, policies and procedures are an essential business support tool in a complex business environment.
In South Africa, SMMEs account for more than 70% of the overall employment rate. It’s critical, therefore, that SMMEs maintain both stability and growth concurrently – our country’s economic development depends on it. However, the tension between stability and growth must be managed, particularly in today’s complex regulatory environment with its ever-increasing compliance requirements.
Smaller organisations often consider policy creation, management and distribution as an administrative burden. Fortunately, growing numbers of small business owners and managers are realising that accessible and clearly-written policies and procedures are essential to business success.
Companies that create, manage and distribute clear policies and procedures reap significant business benefits, some of which are highlighted below.
Consistency and Stability
Clear policies and procedures ensure that staff and management adhere to specific ways of working, minimising time spent on analysis and interpretation, while creating consistency and stability across the organisation.
Policies and procedures allow new hires to onboard quickly, while ensuring they adhere to standard practices and controls.
Health and safety policies not only protect staff, but also visiting clients and stakeholders.
It is important to define boundaries around a position or role. Employees must know and understand their respective responsibilities.
Standardised procedures lead to cost efficiencies from both time and resource perspectives.
Policies and procedures allow organisations working in different areas to develop a uniform approach to business processes which, in turn, supports internal staff transfer when and if required.
Businesses operate in a highly regulated environment. Proof of compliance is not only required in terms of the regulatory environment, but also in terms of risk management and governance. SMMEs do not always appreciate the value demonstrable risk management and governance structures can have, albeit as intangible assets. These structures enhance the oversight role of any business, providing more developed and sustainable business strategies. An additional benefit is the ability to manage liability arising from negligence or malpractice suits. It is no longer enough just to have a policy in place though – distribution and access must be shown.
SMMEs can create and develop a learning culture depending on the availability and distribution of policies and procedures. Tests and assessments linked to specific policies confirm knowledge transfer, formalising both learning and the eligibility to complete tasks.
Given the ever-increasing complexity and competitiveness of business today, policies and procedures provide the parameters and guidelines of business operations, enhancing efficiencies, increasing value and promoting professionalism. Policies and procedures are no longer just an administrative function, they are a critical tool for business success.
4 Vital Differences Between King III And King IV™ On Corporate Governance
Ilana Steyn unpacks some of the most significant differences between the Institute of Directors in Southern Africa’s (IoDSA) latest report on corporate governance, the King IV Report, and its former version, King III.
April 2018 marks a year since the effective date of the IoDSA’s (Institute of Directors in Southern Africa) latest report, the King IV Report on Corporate Governance™ (King IV™), on effective and ethical corporate governance.
What is the King Report?
If you’re not familiar with the King Reports: it’s a series of reports that translate international standards and big-time happenings on corporate governance into a set of local principles. Each new Report replaces the former.
The aim of the King Report is to set up actionable principles for South African company leadership to act as modern, good corporate citizens.
It also ensures those in leadership positions act in the best interest of the company and all parties influenced by the company. The first Report, King I, was published in 1994 and was the first officiated document of its kind in South Africa.
Why is it useful to my business?
The Report also promotes transparency within your company’s leadership to ensure that transgressions that will eventually damage the company aren’t hidden. The Report also ensures blunders can be evaluated, found and corrected ASAP. Today, it’s mandatory for all JSE-listed companies to implement the Report into their company policy.
If you’re a smaller business or a non-profit, you can comply with the Report voluntarily; by applying the principles you’re essentially ensuring the long-term sustainability and survival of the business.
It also helps to create a healthy corporate culture, and when your business’s foundation is healthy, growth is unthreatened.
If you haven’t applied any of the former Reports in your business, you’re in luck; King IV™ is the simplest, and seemingly the most practical, Report in the family of four reports.
Why was King IV™ needed?
Companies, especially smaller businesses, often struggled to apply King III due to its long-winded structure.
King IV™ was needed because King III, published in 2009, was out-dated in terms of present-day concerns like technological advances, the increased need for online transparency, long-term resource sustainability and information security.
Here’s the rundown of the most significant differences between King IV™ and King III.
1. King IV’s™ structure is much simpler to apply
While King III did a good job of summarising the extensive scope of effective and ethical governance into 75 principles, the Report still lacked clear guidance on real-world application.
Ensuring the effective incorporation of all 75 vague, ethical principles was too exhaustive for most companies to implement, monitor and account for.
That’s why King IV™ took a different structural approach. King IV™ boiled good corporate governance down to 17 simplified principles, each supplemented with various recommended practices to make it easier for smaller companies to implement the principles within their day-to-day running.
2. King IV™ spotlights practical implementation
King III lists multiple ethical principles and then commands companies to explain how their management and actions honour those principles. Unfortunately this meant companies approached it like a mindless compliance checklist.
King IV™ also states principles, but more importantly, requires organisations to actively report on the implementation of the recommended practices thereof.
Mervyn King, the chair of the King Committee, dubs this the shift from an “apply OR explain” mentality to an “apply AND explain” mentality. The Report also allows organisations to report on alternative implemented practices – provided they support and advance the principle.
To make the application simpler to grasp, King IV™ clearly differentiates between the long-term Outcomes, the ethical Principles and the recommended Practices. Essentially the new structure and its requirements mean companies have to engage in thoughtful implementation and reporting of those practices.
3. King IV™ is inclusive to more than just large companies
After King III, there was a significant demand for the inclusivity of smaller businesses, and governmental or non-profit organizations in the King Report.
Consequently, King IV™ dedicates an entire supplement chapter to guiding municipalities; non-profit organizations; retirement funds; small and medium enterprises and state-owned entities in the implementation of the Report.
Also, where King III used terms like “companies” and “boards”, King IV™ very purposefully uses more inclusive terms like “governing bodies” and “organizations” throughout the report. It’s clear that King IV™ aims to move the principles on good corporate governance into real-world action – for all organisations.
4. King IV™ pushes for more accountability, transparency and reporting
What King IV™ does quite differently from King III is recommend the application of its principles within set timelines, reports and committees within its recommended practices.
King IV™ strongly propagates transparency, the delegation of responsibility and the implementation of accountability by putting pen to paper in terms of officiated aims, bodies responsible for those aims and the provision of consistent reports.
Take leadership as an example: where King III would just stipulate what being a good leader means, King IV™ advises you to set goals, delegate responsibility and evaluate progress through reports and accountability.
An example would be to set up a committee, consisting of lower management levels, with clearly identifiable responsibilities and then to measure their progress via reports. It comes down to ignorance no longer being a valid excuse. Directors should be aware of all issues within your company.
Directors should take responsibility for everything that happens within their organisation – you can’t plead innocence on the grounds of not knowing. There should rather be reports in place to identify and uncover any discrepancies early on.
Essentially, where King III lacks in the aim of ensuring the actualization of good corporate citizenship, King IV™ steps up the game.