INFO REGULATOR SA STRAT PLAN
| No | Risk Description | Mitigation Plan | Due date for mitigation plan | Responsible person |
| --- | --- | --- | --- | --- |
| | | 10.12. Conduct regular reviews to ensure compliance with POPIA. | Quarterly | Chief Information Officer and Chief Legal Officer (Deputy Information Officer) |
| | | 10.13. Develop and keep an updated ICT Security Policy. | 31 March 2026 | Chief Information Officer |
| | | 10.14. Implement Data Loss Prevention (DLP). | 31 March 2026 | Chief Information Officer |
| | | 10.15. Implement Privileged Access Management (PAM). | 31 March 2026 | Chief Information Officer |
| | | 10.16. Adopt Zero Trust Architecture. | 31 March 2026 | Chief Information Officer |
| | | 10.17. Implement cyber insurance. | 31 March 2026 | Chief Information Officer |
| | | 10.18. Establish a Security Operations Centre (SOC). | 31 March 2026 | Senior Manager: HRM&A |
| | | 10.19. Establish a stand-alone cybersecurity office, led by a CISO. | 31 March 2026 | Senior Manager: HRM&A |
| | | 10.20. Provide a costing for all the ICT items allocated in this mitigation plan and submit to the CFO for consideration. | 01 April 2025 | Chief Information Officer |
| 11. | Inadequate contract management. | 11.1. Monitor expiry date of contracts through an electronic contract management system to eliminate irregular expenditure. | Quarterly | Chief Financial Officer and Chief Information Officer |
| | | 11.2. Ensure completeness of service level agreements. | Quarterly | Chief Legal Officer |
| | | 11.3. End users/divisional heads to monitor their contracts through contract management system. | Quarterly | All Divisional Heads |
| | | 11.4. Monitor progress of contract management implementation monthly through Management meetings. | Bi-monthly | MANCO Chairperson |
8. Infrastructure Projects
N/A

9. Public Private Partnership
N/A
Strategic Plan 2025/2026