EZ Comply Compliance Consulting

Our activities are aligned to enable clients to bridge the divide between each of the crucial aspects of becoming acceptably compliant in the easiest, shortest, most convenient and most cost-effective timeframe possible.

Compliance Services

Over the last couple of years, the range of services on offer has widened, as growing exposure to developments in the POPIA/GDPR, PAIA, FICA and Prevention and Combating of Corrupt Activities Act legislation led to a need for an expanded, integrated and holistic service set. The services offered here should enable the seamless integration of any individual service into a compliance project segment, or of the full set into the project as a whole, for easier implementation planning and budgetary management. The core services can be classified under the following headings:

Management Consulting

At the end of the day, it is an accepted fact that a proper understanding of the compliance playing field and the requirements of the applicable legislation is all about your business model, risk profile, risk appetite, risk management, personnel awareness and the overall level of efficiency of your Data Privacy and Information Security platforms. We are fortunate to have worked with a diverse range of organisations, helping them to assess and re-align their current compliance strategies and streamline their internal operations, leading to early initiation or adjustment of their compliance programs, which, in turn, will contribute handsomely to enhanced competitive edge, customer/data subject trust and satisfaction, and overall mitigation of regulatory risks to the four "Pillars of Risk", namely "Reputation", "Compliance", "Financial" and "Operations". As Risk, Data Privacy and Information Security Consultants & Training Providers, we offer supporting consultation in-house or online for the following categories of services, geared to help you get the best out of your unique business setup in a very complicated and onerous compliance environment:

  • Regulatory & Operational Compliance
  • Compliance Strategy Planning
  • Compliance Gap Assessments
  • Prevention of Fraud and Corruption management & training
  • Risk Assessments (RA) & Risk Treatment Planning (RTP)
  • ISO 31000 Risk Management application & training
  • ISO 27001 Standard security controls Statement Of Applicability (SOA) and Information Security Management System (ISMS) integration
  • ISO 27001 Control Custodian manual for & application to Information Management Committees (IMCs)
  • Sourcing/Management/Implementation of compliance related Policies, supporting documentation and Security Controls
  • Applicable in-house or public awareness training for Management, Employees and supporting Specialist Functions (i.e. I/T, H/R, etc.)
  • Best Practices on Management of Information Security and Compliance Risks 

Is your business POPIA/GDPR/FICA compliant?

Does your business adhere to the latest compliance acts and legislations?

EZ Comply is based on a very simplistic business model with a flat operational structure that incorporates and facilitates other subject-matter expertise on an "As-and-When necessary" basis from a large, established contact base, in order to stay totally operationally independent and to minimise overhead costs, enabling the most favourable service delivery rates for existing and potential new customers.

Compliance Documentation

As a basic requirement for a compliance program, it is a prerequisite to source, draft or purchase "Paper Compliance" in terms of the necessary policies, procedural documentation, contracts, agreements and applicable process measuring tools, so that the practical content contained in the documents can be implemented properly in practice. We already have drafted concept compliance documentation available that can be adapted or configured to reflect the unique risk and operational profiles of diverse organisations that must comply with the various requirements under the different pieces of legislation. The documentation is made available in Word format for easy editing and will contribute to a large extent to cost and time savings, as opposed to drafting all the necessary documents and policies from scratch. The following documents are available:

(A) There are currently two primary documents under consideration, namely:

a) Data Privacy and Information Security Policy and 

b) Business Continuation and Disaster Recovery 

(B) Secondary supporting/sequential documents: Personnel Policy (with POPIA/GDPR requirements alignment, grievance procedure, disciplinary code and user-documentation), Mobile Device/BYOD Policy, CCTV & Surveillance Policy, Fraud and Corruption Prevention Policy.   

Separate/Individual documentation: 

  • Protection of Data Privacy and Information Security Agreement (personnel & 3rd party service providers)
  • Protection of Data Privacy and Information Security Agreement (Operators)
  • Generic Third Party service contract and service level agreement
  • Role and responsibilities of the Information Officer/Deputy Information Officer
  • Letter of Delegation for Information Officer/Deputy Information Officer appointment (If not CEO)
  • Incident/Breach reporting document for Data Privacy/Information Security related events
  • Data Subject Consent to processing of Personal Information
  • Privacy Statement (Home base or Website application)
  • Implementation Gap-Assessment & Compliance Scorecard for Responsible Parties (Excel Workbook)
  • Gap Assessment for Lawful processing of Personal Information i.t.o POPIA/GDPR Processing Conditions (Excel Workbook)
  • Risk assessment with Likelihood/Impact Rating and Risk Treatment Plan integrated WorkBook (Excel Workbook)
  • ISO 27001 - Control Implementation measurement & management tool (Statement Of Applicability) (Excel Workbook)
  • ISO 27001 - IMC Control Assignments & Guidance Manual for control Custodians
  • PAIA Sec. 51 Manual
  • FICA Sec. 42 Internal Rules
  • FICA Internal Training Manual for Employees
  • FICA prescribed Risk Management Compliance Programme (RMCP) and Policy on RMCP

We specialise in the areas of Data Privacy and Information Security Consultation, related Awareness/Specialist Training, Risk Assessment & management/training, Anti-Money Laundering (FICA) and Fraud Prevention and also facilitate the "End-to-End" processes required to comply with the requirements of the Acts in an external "Supportive" or internal "Hands-On" manner, whichever method may be applicable or required. Public or online seminars and training workshops are also conducted independently, or in conjunction with accredited training event facilitators and can be offered in-house when required.

Compliance Training

Training is presented in Afrikaans/English via PowerPoint presentation at different employee or awareness levels and with variable time allocations to accommodate any unique requirements of individual organisations. To supplement the presentations, printed handouts of the total presentation are provided for making notes during the sessions for later reference or revision, and Certificates of Attendance for Compliance Audit purposes are available on request. The application of the PAIA legislation is also covered in the presentation content. The following basic categories of training are available (In-House, Online or Public):

  • POPIA: Standard 3 hour sessions. Employees & operational management levels
  • POPIA: Standard 6 hour sessions. Employees & operational management levels
  • POPIA: Specialised "Deep Dive" two-day training. Specialist/Information Security Management
  • POPIA: High-level 3 hour sessions. For Senior Management Structures
  • GDPR High-level (1 Day): For Senior Management Structures
  • Enterprise Fraud Prevention: Enterprise fraud prevention and management training
  • Risk Management Training: In-depth training with 9 different content parts

If you are looking for someone with a wide range of capabilities and depth of insight into Data Privacy and Information Security Compliance against the relevant POPIA/GDPR, PAIA, FICA and Prevention of Fraud and Corruption Acts, Risk and Information Technology management, Awareness Training and also how to deal with all these challenges in practical terms, please contact us today for more information.

FICA (Operational & management levels)

Introduction to Money Laundering: Background and purpose of the POCA, POCDATARA, FICA Acts & Regulatory framework. General terms, violations & sanctions for non-compliance under the legislation.
FICA: Definitions and application. Obligations for Accountable Institutions. Duties for Accountable Institutions under FICA:

  • Duty to establish (KYC) and verify the identity of clients (CIV) requirements.
  • Duty to keep records: Procedures, periods & safekeeping. Access to information & relationship with PAIA & POPI Acts.
  • Duty to report: Cash threshold transactions (Sec. 28). Suspicious and unusual transactions (Sec. 29). Confidentiality & privilege. Advising clients & right to withdraw. Internal reporting procedures & enforcement. Protection of person/institution making the report.
  • Duty to comply: Formulating Internal Rules (Sec. 42). Training & monitoring of compliance (Sec. 43). Sanctions for non-compliance.

Why take the rocky road if you can walk on paving?

We are paving the way to easier compliance with POPIA/GDPR, PAIA, FICA, RISK MANAGEMENT & FRAUD PREVENTION

Contact us today and let us help you on your path to regulatory compliance and risk management.

© Copyright 2021 - EZ Comply - All Rights Reserved. Website design and maintenance by Mojotech.

Get in Touch

082-444-8735
info@ezcomply.co.za