PROTECTION OF PERSONAL INFORMATION POLICY
GROUP RISK MANAGEMENT SERVICES (PTY) LTD (“GRMS”)
The objective of this policy is to protect GRMS’ information assets from threats, whether internal or external, deliberate or accidental, to ensure business continuation, minimise business damage and maximise business opportunities.
This policy establishes a general standard on the appropriate protection of personal information within GRMS. It provides principles regarding the right of individuals to privacy and to reasonable safeguards of their personal information.
This policy applies to the sole proprietor or key individuals, representatives and staff of GRMS. The sole proprietor or key individuals (or management) are ultimately responsible for ensuring that information security is properly managed. The Information Officer, Craig Gibson, is responsible for:
· Ensuring this policy is supported by appropriate documentation, such as procedural instructions.
· Ensuring that documentation is relevant and kept up to date.
· Ensuring this policy and subsequent updates are communicated to relevant managers, representatives, staff and associates, where applicable.
The sole proprietor or all key individuals, representatives and staff are responsible for adhering to this policy, and for reporting any security breaches or incidents to the Information Officer.
The external individual(s) contracted to handle the information technology of GRMS must adhere to the same information security measures as GRMS and will confirm by separate agreement that they have such security measures in place in respect of the processing of personal information.
The sole proprietor or each key individual, representative and staff member of GRMS is committed to the following principles:
The management and Information Officer of GRMS are responsible for administering and overseeing the implementation of this policy and, as applicable, supporting guidelines, standard operating procedures, notices, consents and appropriate related documents and processes. The sole proprietor or key individuals, representatives and staff of GRMS are to be trained according to their functions in regulatory requirements, policies and guidelines that govern the protection of personal information. GRMS will conduct periodic reviews and audits, where appropriate, to demonstrate compliance with privacy regulation, policy and guidelines.
GRMS shall establish appropriate privacy standard operating controls that are consistent with this policy and regulatory requirements. This will include:
This policy is implemented by GRMS and will be adhered to by the sole proprietor or all key individuals, representatives and staff who are tasked with collecting and processing personal information. Non-compliance with this policy may result in disciplinary action and possible termination of employment or mandate, where applicable.