PoPIA - Condition 7 Security Safeguards Standards

South Africa's Standard for Safeguarding Customer Information

Meet the requirements of the PoPIA (Protection of Personal Information Act) Safeguard while managing compliance with ALL of your IT Security requirements . . . regardless of source.

Download Datasheet

Cybersecurity Risk Management for Companies to Protect personal Information Inside of South Africa.

What is the Protection of Personal Information Act?

The Protection of Personal Information Act (PoPIA) is a piece of legislation which governs the law of data protection and privacy in South Africa. The act was passed to regulate the right to privacy, as enshrined by section 14 of the Constitution of South Africa and would work in conjunction with the Promotion of Access to Information Act. As a critical regulatory standard from the Republic of South Africa, POPIA places great emphasis on the security, integrity, and confidentiality of personal information.

But if you don’t want to get into the weeds of a ton of regulatory lingo, we’ll summarize what you need to know, and how our software can help you navigates the waters of the regulation, and comply with all of its requirements, without having to be a regulatory expert.

The South African Standard for Safeguarding Customer Information.

Introducing the new Protection of Personal Information Act (PoPIA) Condition 7 – Security Safeguards Standards and Controls feature on Compliance Manager GRC. As a critical regulatory standard from the Republic of South Africa, PoPIA places great emphasis on the security, integrity, and confidentiality of personal information.

Our new feature enables users to navigate the complex PoPIA requirements with ease, offering an in-depth assessment of an organization’s compliance with Sections 19, 20, 21, and 22 of Condition 7 – Security Safeguards. Users can generate bespoke policies and procedures, carry out detailed assessments, and establish actionable plans for regulatory compliance.

Ideal for (MSPs) and (SMB) IT Technicians, our new feature streamlines the compliance process, manages risk, and provides demonstrable evidence of adherence to global data privacy standards. Navigate PoPIA with Compliance Manager GRC, your trusted partner in managing IT compliance.

What Sections of the PoPIA Regulatory Requirement are Covered

Kaseya’s Compliance Manager GRC covers an organization’s implementation of the PoPIA regulatory requirements associated with PoPIA Chapter 3 – Part A – Condition 7 – Security Safeguards, sections 19, 20, 21, and 22.

The 6 Control Objectives

Section 19 – Security measures on integrity and confidentiality of personal information

  • Measures to prevent loss, damage, or unauthorized destruction.
  • Measures to prevent unlawful access or processing.
  • Reasonable measures
  • Due regard to information security practices and procedures

Section 20 – Information processed by operator or person acting under authority.

  • Authorization and confidentiality

Section 21 – Security measures regarding information processed by operator.

  • Written contract to contain operator security measures.
  • Operator breach notification of responsible party

Section 22 – Notification of security compromises

  • Notification of Regulator
  • Notification of data subject
  • Timeliness of notification
  • Delay of notification to prevent impeding criminal investigation.
  • Written notification and communication methods
  • Written notification to contain sufficient information.
  • Publication of the notification at the direction of the Regulator

Jurisdiction and Penalties

The PoPIA Act applies to all persons and organizations within the borders of South Africa and extends to visitors and illegal immigrants. Penalties under the Act include fines of up to 10 million and a jail sentence of up to 10 years.
It is important to note that South Africa does not yet have a formal cohesive piece of legislation in force which governs cybercrimes in South Africa. They do, however, have an Information Regulator, which acts as an independent body created because of the rule and empowered to monitor and enforce compliance of the acts within the public and private sector. They are held accountable to the National Assembly of South Africa.

Featured Product Highlights for This Standard

The built-in PoPIA Template allows you to quickly determine which requirements you already meet, identify the gaps, and automatically prepare all of the documents you need to comply with the regulation.
You can use your existing IT security and privacy tools to implement the required safeguards specified by the Rule, but Compliance Manager GRC includes some additional specialized functionality you will need to fully comply.

Here are a few of the value-added features included with Compliance Manager GRC the apply to this standard:

  • Rapid Baseline Assessments – Quickly identify gaps in any safeguards required for compliance of PoPIA
  • Technical Risk Assessments – Full risk assessment (based on Chapter 3 – Part A – Condition 7 – Security Safeguards, sections 19, 20, 21, and 22.)
  • Policies & Procedures Manual – Required documentation
  • Employee Awareness Training Portal – Tracking and reporting
  • Customizable standards and controls — Useful for modifying procedures to match your specific way of complying.
  • Role-based access — helps involve others in complying with PoPIA
  • Automated Documentation & Reporting — Required under Section 22
  • Vendor Management Portal — Required under section 21
  • Auditor’s Checklist – Essential in the event of an audit or breach.

Best of all, you can use this same platform to manage compliance with all of your other IT requirements — including compliance other government and industry rules and regs, with the security terms of your cyber insurance policy, and even compliance with your own internal IT policies.


Whether complying with the Protection of Personal Information Act, tracking terms of your cyber risk insurance policy, or making sure your own IT policies and procedures are being followed, Compliance Manager GRC helps you Get IT All Done at the same time, and in the same place. No other Compliance Management software gives you this kind of flexibility.


Assuring compliance with the Protection of Personal Information Act– and all your other IT requirements – is easy with Compliance Manager GRC.  You can get more work done with less labor, thanks to automated data collection, automated management plans, and automated document generation.


Compliance Manager GRC is priced to be affordable for the smallest organizations, yet boasts the power and functionality most often found in expensive, enterprise-class governance, risk and compliance platforms. Whether you are managing compliance for your own organization or are an MSP delivering compliance-as-a-service, there’s a sensible subscription for you.

Request a Demo today and discover the advantages of Compliance Manager GRC — the purpose-built compliance process management platform for multifunctional IT professionals.

Overcome the Biggest IT Challenges and Responsibilities

  • Reduce Risk
  • Reduce Complexity
  • Save Money
Get a Demo