POPIA

06 July 2020

To whom it may concern

Morgan Solus commits to the protection of personal information and compliance with applicable laws

Morgan Solus is a South African company, and as such will need to comply with the Protection of Personal Information Act (POPIA) at such time as it is fully enforced by the Information Regulator. With growing global demand for products and services in the business continuity field, Morgan Solus has also undertaken to comply with requirements of the European Union’s General Data Protection Regulation (GDPR).

We recognise the need for good control of personal information within our organisation and operating environment, as well as on the platforms and software that we provide to our clients. In general, Morgan Solus only acts as the operator or processor of personal information within our systems as we do not determine the purposes for this processing; our clients are predominantly organisations who act as the responsible party / controller.

However, as our clients have compliance requirements of their own and entrust us with personal data via our software, we regard all information provided to us as highly sensitive and confidential, and protect it accordingly. All of our solutions are capable of being customised to meet the specific privacy needs of our clients should this be required.

As we are a small organisation, we do not have all the corporate governance structures that large enterprises have, but we use this to our advantage as we can be more responsive to any privacy or information security requirements which may arise. Our Director of Sales and Operations acts as our Data Protection Officer and works closely with our Director of Technology to ensure good management and control of privacy in our environment.

We believe that we have built strong technical security controls into our software to prevent unauthorised access to data contained therein and have external information security organisations perform periodic penetration tests to verify that these controls are still suitable given the ever-changing technology landscape.

We will never share any personal information with a third party unless we have been instructed to by a client (e.g. for the purposes of audit) or it is required by law (e.g. we have been subpoenaed to provide information for law enforcement purposes).

We have recently undergone an assessment by an external party to determine if there is anything that we might be missing from both a risk and compliance perspective. Most of the findings were procedural in nature, and we are working on strengthening these controls, updating documentation and educating our staff in the next few months.

If you have any questions or require further information, please feel free to contact our Data Protection Officer, Tracey Linnell, on traceyl@morgansolus.com or +27 72 509 6416.

Yours sincerely,

Tracey Linnell                                                                         

Director: Sales and Operations