Business POPIA & ISO 27001 Compliance Health Check Questionnaire

Objective:

This quick, high-level self-assessment helps South African businesses (outside the healthcare sector) evaluate their alignment with the Protection of Personal Information Act (POPIA) and the Cybercrimes Act 2020.

Many businesses meet basic POPIA requirements but overlook robust information security safeguards. POPIA Section 19(3) requires the responsible party to “have due regard to generally accepted information security practices and procedures, which may include internationally recognised standards and guidelines.” The internationally recognised standard for information security management is ISO/IEC 27001, widely recommended for demonstrating appropriate safeguards under POPIA.

Completing this assessment will highlight gaps and show where ISO 27001-aligned controls can strengthen your business’s compliance and data protection.

Instructions:

Answer each question honestly with Yes or No. Tally your “Yes” responses at the end.

The ISO 27001 Advantage
POPIA Section 19 requires appropriate, reasonable technical and organisational measures, with due regard to international standards. ISO/IEC 27001 is the globally recognised standard for Information Security Management Systems (ISMS), providing a risk-based framework that aligns perfectly with POPIA’s security obligations.

Implementing ISO 27001 controls (e.g., risk assessments, access controls, encryption, and incident response) not only protects data but offers a strong defence in regulatory investigations.

If your assessment reveals gaps – especially in technical security (questions 12–19) – your business may not yet meet these internationally aligned standards.

Next Steps

Elevate your compliance with our comprehensive POPIA + ISO 27001-aligned Compliance Management Framework. It includes policies, SOPs, registers, and checklists tailored for general businesses.

Safeguard your customers, employees, and business – take action today.

General Business – POPIA Compliance Management Framework

R3,450.00 VAT Excl.

Description

The Protection of Personal Information Act (POPIA) is mandatory for South African businesses, but navigating the complexities of compliance can be overwhelming.

This “General Business: POPIA Compliance Management Framework” is designed to demystify the process. It is not just a set of documents; it is a complete, actionable system that guides your organisation through the lifecycle of data protection.

Based on our proven five-step model, this framework includes the tools, templates, and guidance necessary to implement a robust compliance program.

What’s Included in the Framework:

  • Data Mapping & Assessment: Tools to help you understand exactly what personal data you hold, where it is stored, and the risks associated with it.

  • Implementation & Training: Practical resources to embed privacy policies into your daily operations and educate your staff on their responsibilities.

  • Monitoring & Auditing: Checklists and procedures to ensure your compliance measures remain effective over time—compliance is a journey, not a destination.

  • Breach Response: A clear, pre-defined action plan to manage security incidents calmly and lawfully, minimising damage should a breach occur.

  • POPIA Compliance Core: The foundational policies and essential documentation required to demonstrate your commitment to protecting personal information.

Who is this for? Small to medium-sized businesses looking for a clear, practically applicable solution to POPIA compliance without needing an in-house legal team.