Information Security Risk (PoPI) Policy

In terms of the Protection of Personal Information Act, 4 of 2013

    1. Purpose

    This Policy sets out how Emergence Growth South Africa (“the Company”) manages information security and information risks to ensure the confidentiality, integrity and availability of Personal Information.

    2. Scope

    Applies to all employees, contractors, systems, devices and third parties processing Company information.

    3. Objectives

    The Company aims to:

    • Protect Personal Information and business data
    • Prevent unauthorised access, loss or misuse
    • Ensure system availability and resilience
    • Comply with POPIA and applicable laws

    4. Information Security Principles

    All information must be:

    • Confidential – accessed only by authorised persons
    • Accurate – complete and up to date
    • Available – accessible when required

    5. Risk Management

    The Company will:

    • Identify and assess information risks regularly
    • Maintain a risk register
    • Implement controls to reduce risks
    • Review risks periodically

    6. Roles And Responsibilities

    Information Officer:

    • Oversees compliance and security governance

    Management:

    • Own and manage information risks

    Employees:

    • Must protect information and report incidents

    7. Access Control

    • Access is role-based and authorised
    • Unique user IDs and passwords required
    • No sharing of credentials
    • Access reviewed regularly

    8. Data Security Measures

    The Company implements:

    • Encryption of sensitive data
    • Secure storage and backups
    • Firewalls and anti-virus protection
    • Secure access controls

    9. Device And Network Security

    • All devices must be secured with passwords/PINs
    • Software must be updated regularly
    • Anti-virus protection required
    • Secure networks and firewalls in place

    10. Information Classification

    Information is classified as:

    • Public
    • Internal
    • Confidential
    • Restricted

    Handling must align with classification level.

    11. Incident Management

    All security incidents must be:

    • Reported immediately
    • Investigated
    • Managed in line with the Data Breach Policy

    12. Business Continuity/span>

    The Company maintains:

    • Backup procedures
    • Disaster recovery plans
    • Regular testing of recovery processes

    13. Third Parties

    All third parties must:

    • Comply with POPIA
    • Implement security controls
    • Sign data processing agreements

    14. Non-Compliance

    Failure to comply may result in:

    • Disciplinary action
    • Legal consequences

    Updates to this Policy

    The Company reserves the right to amend this Policy at any time to ensure ongoing compliance with applicable legislation and best practices..

     

    Updated March 2026

    Ready to transform insights into action?
    Contact Emergence Human Capital to design, deploy, and drive meaningful change through intelligent employee engagement surveys.

    Office: +27 11 026 3442

    eMail: [email protected]

    https://emergencegrowth.com/hr-reward-services/hr-surveys-data-insights/