Agenda
Display Centre opens. Engage with our sponsors
Keynote Address: POPIA as an enabler of business in the data driven digital era and not an impediment to new innovations and profitability.
Adv. Pansy Tlakula, Chairperson, Information Regulator of South Africa
Many organisations are not seeing the business opportunities that come with being fully compliant with POPIA. Our speaker will unravel all the business benefits that are unlocked by embracing POPIA.
Keynote Address: How to realise ROI from your GRC initiatives?
Jonathan Crisp, Managing Director, BarnOwl GRC and Audit software
Just like any other business function, Governance, Risk and Compliance initiatives are expected to realise returns for them to successfully serve the business. This presentation will therefore explore the various ways of showing and even calculating the value that a GRC program will add to your organization. The speaker will tackle, among other issues, the following:
- How to realise savings from the reduction of legal fines due to compliance;
- Savings from streamlined business processes due to improved reporting accuracy and employee productivity;
- Attraction of new partners and customers due to effectively carrying out due diligence; and
- Establishing a clear ownership of GRC processes.
Keynote Address: Are you forgetting about unstructured data and email in your journey to POPIA Compliance?
Brian Pinnock, Senior Director of Sales Engineering, EMEA, Mimecast
Most of the focus on POPIA compliance has centred around the collection and processing of structured data. This is data found in marketing systems, customer relationship management systems, financial systems, enterprise resource planning systems or human resource systems, which are all linked to relational databases. But POPIA requires organisations to protect personal information in all its forms. In this keynote we’ll explain how to ensure POPIA compliance for semi-structured data such as email as well as other forms of unstructured data such as information on shared drives or social media platforms.
POPIA sets out 8 conditions for lawful processing of personal information. Condition 7 - security safeguards - is arguably one of the most important. Email security is a key consideration for these security safeguards. That’s because email is more than a communication mechanism or an archive of semi-structured data; it’s the most targeted vector for most organisations, with 9 out of 10 cyber-attacks starting with email. And having the right measures in place to secure data is a key part of achieving compliance.
Break – Visit the Display Centre and engage with sponsors
The importance of thorough due diligence in the protection of customer data
Russell Opland, Data Protection Officer, Law Firm
In order to protect clients' personal information, financial service providers and other organisations need to conduct thorough due diligence when dealing with third parties. Not only does this protect their customers, but it also protects the organisation from any reputational damage caused by possible leakage of data.
Five Steps to Overcome Data Overload: Using Data Discovery & Risk Formulas to Standardize Risk at Scale
Scott Bridgen, GRC Consulting Director, OneTrust GRC
Every organization is working to reduce the delay between issuing a risk assessment, receiving a response, gaining risk insight, and making a risk-based decision. Risk insights quickly lose value as time elapses from the initial assessment request. Businesses should leverage the digital workstreams to collect information as updates occur using data discovery tools to find, document, and classify in real-time.
Exploring your data universe can be an overwhelming exercise, giving you more information than you know what to do with in certain circumstances. Using careful data classification methods and flexible risk formulas, organizations can map information to harness real-time updates through a data discovery engine to fuel and standardize risk at scale with the latest information. This session will review how you can quickly connect enterprise data through automated data discovery and translate the data into meaningful risk insights.
- Identify data across business applications for the latest risk insight
- Automatically categorize information to deliver meaningful insights across risk, compliance, and your executive teams
- Explore a new way to aggregate and standardize risk using real-time data points
- Understand the concentration of risk across risk domains to quantify risk using risk formulas
Panel Discussion: Strengthening your compliance, audit and risk mitigation protocols and systems after experiencing a cyber-attack
Nerushka Bowan, Founder, L.I.T.T. Institute
Shameem Goolamun, Africa Data Protection & Privacy Leader, Ernst & Young
Siphumle Ntsokolo, Manager (ISA) Information Systems Audit, Auditor General South Africa
Bulumko Kwetana, Head of Internal Audit, V & A Waterfront
Dumisa Sihawu, Associate Director, BDO
Cyber-attacks are likely to happen to any company, in any shape or form. This is especially relevant with the global pandemic, as there is too much reliance on staff protecting information security from the comfort of their own homes. Because a cyber-attack is likely to strike at any time, organisations place reliance on their compliance, audit and risk mitigation protocols. The pandemic has also challenged the ways in which Audit, Risk and Compliance function in other organisations. It is therefore imperative for the panel to discuss key issues affecting Audit, Risk and Compliance during the pandemic. The following key points will be considered:
- How to manage a cyber-attack using the combined assurance perspective?
- Do you proactively manage cyber risks as a combined assurance forum? How do you manage these risks?
- Is the CISO in your organisation a role player in the combined assurance forum?
- What are your views regarding the best ways to prevent future cyber-attacks?
BREAK. Visit the Display Centre and engage with the sponsors
Dealing with a data breach – steps and protocols to follow in containing the breach
Bevan Smith, Head of Risk, Visa Sub-Saharan Africa
COVID-19 and social distancing have created an unprecedented shift in consumer behavior towards digitally-enabled merchants and service providers. And while global fraud rates are at an all-time low, there has been an increasing trend in both the variety and quantity of breach incidents. This session will explore the proactive steps Visa is taking to maintain trust in the payments ecosystem – with a specific focus on the technologies to detect and mitigate risk, and the support provided to members once a breach is identified.
- The Payments Threat Landscape
- Visa’s Payment System Risk Detection and Breach Management Capabilities
- Best Practices for Mitigating Against Breaches
- Security Predictions for the Near and Medium Term
The rise of POPIA as a value driver - five aspects to cover
Leishen Pillay, Associate Director, Risk Advisory, Deloitte
As the COVID-19 pandemic has taken grip of the world, causing economic downturns, it has arguably become the single most defined driver for digital transformation.
South African organisations are on the road to compliance, but have a significant journey ahead of them. This is due in part to the fact that the area of data privacy has been largely unregulated, save for disparate pieces of legislation that are industry specific, as well as certain voluntary obligations that were not adopted on a substantial scale.
In order to ensure that an organisation is sufficiently enabled to comply with the provisions of POPIA and derive value, a cross-functional, multidisciplinary, fully integrated privacy team is required. The team should have regulatory, cyber security, data management and analytics representation to ensure alignment with the key aspects of POPIA.
POPIA creates an opportunity to revolutionise the way in which business is conducted in South Africa, and truly usher in the Fourth Industrial Revolution.
Break. Visit the Display Centre and engage with the sponsors
A company journey towards GDPR compliance
Benn van Coller, Independent Data Privacy Contractor
Visit the Display Centre and engage with the sponsors
Close of conference
How to implement continuous compliance and audit processes in order to effectively mitigate risks in a fast paced digital era?
Karl Fischer, Automation Lead, Obsidian Systems
Simon Fisher, Director of EMEA Presales and Customer Success, Chef Software
The importance of integrating GRC into the mainstream business activities
Rianne Potgieter, CA (SA), CEO, Compliance Institute Southern Africa
Break. Visit the Display Centre and engage with the sponsors
How AI, cloud and other new technologies are affecting GRC?
Emily Gosling, Audit Consultant, SAP Concur
Atang Motshabi, Implementation Manager, Seriti
Greg Cubitt, Solution Consultant, Concur Africa
Visit the Display Centre and engage with sponsors
Close of conference
Mimecast
Mimecast is a cybersecurity provider that helps thousands of organizations worldwide make email safer, restore trust and bolster cyber resilience. Mimecast’s expanded cloud suite enables organizations to implement a comprehensive cyber resilience strategy. From email and web security, archive and data protection, to awareness training, uptime assurance and more, Mimecast helps organizations stand strong in the face of cyberattacks, human error and technical failure.
Please visit: www.mimecast.com
OneTrust
OneTrust is the #1 fastest growing and most widely used technology to help organizations build more trusted privacy, security, and governance programs.
Please visit: www.onetrust.com
SAP Concur
SAP® Concur® is the world’s leading brand for integrated travel, expense, and invoice management solutions, driven by a relentless pursuit to simplify and automate these everyday processes. The highly-rated SAP Concur mobile app guides employees through business trips, charges are directly populated into expense reports, and invoice approvals are automated. By integrating near real-time data and using AI to analyze transactions, businesses can see what they’re spending and avoid possible blind spots in the budget. SAP Concur solutions help eliminate yesterday’s tedious tasks, make today’s work easier, and support businesses to run at their best.
Learn more at: www.concur.co.za
Obsidian Systems in partnership with Chef
Obsidian Systems
Obsidian have expanded their knowledge base in partnership with subsidiaries Cape Town based Autumn Leaf and GuruHut, a software development house. The expansion of skills is now a formidable team with Java™ expertise aligning our Enterprise Open Source solution for retail, supporting technology and consulting services across enterprise-ready open source infrastructure, big data, collaboration and agile IT strategies for your business.
Deloitte
Deloitte is a leading global provider of audit and assurance, consulting, financial advisory, risk advisory, tax, and related services. With more than 150 years of hard work and commitment to making a real difference, our organisation has grown in scale and diversity—approximately 286,000 people in 150 countries and territories, providing these services—yet our shared culture remains the same. Our organisation serves four out of five Fortune Global 500® companies.
Please visit: www2.deloitte.com/za/en/pages/risk/articles/the-rise-of-popia-as-a-value-driver.html
Virtual Conference
11 February 2021
08:00 - 16:30