Document Preview

This document has no preview

Document Details

Title
POPIA Toolkit - Incident response plan
Description
POPIA Toolkit - Incident response plan & control sheet
Category
POPIA
Sub Category
Toolkit
Document Type
Template
Filename
Final Incident response plan ETDP SETA.docx
Publish Date
15/03/2022
Price
R495.00
Author
Johanette Rheeder
Document Format
DOCX
1. Introduction: This policy describes the Personal Information Breach Incident Response Plan (‘IRP’) of ____(Pty) Ltd (‘Company’). This plan is derived from industry standards and the applicable provisions of the Protection of Personal Information Act, Act 4 of 2013 (‘POPIA’). Each step is described in detail below, however, these steps are not listed in chronological order as the application of each step depends on the nature and circumstances of the incident. The steps described below are not a substitute for sound business practices and discretion. 2. Purpose: Having a clear, readily-accessible IRP available to implement immediately upon becoming aware of any cyber-incident or data breach is vital. It is also important to implement periodic dry-runs, training, awareness and testing of this IRP to ensure that the IRP is effective. This will facilitate and enable the Company to comply with its obligations under POPIA, navigate the aftermath of cyber-incidents and data breaches and mitigate any possible liabilities faced by it. This IRP aims to limit the impact that a Personal Information (‘PI’) breach might have on the company, its the customers, employees, service providers, and third parties (‘Data Subjects’ / ‘DS’) whose PI the Company may hold at any point in time. Timeous action and coordinated response are key requirements by the Company of the appointed Information Officer (‘IO’)/Deputy Information Officer(s) (‘DIO’), the employees, and the Management of the Company.