Ethco assists organisations not only to manage the risks posed by the use of information and technology, but also to comply with applicable law, standards, best practice and the King III code of conduct.
Organisations should consider and comply with common law, the Electronic Communications and Transactions Act, 25 of 2002 (the ECT Act), the Promotion of Access to Information Act, 2 of 2002 (PAIA), the Regulation of Interception of Communications and Provision of Communication-Related Information Act of 2002 (RICA), the Labour Relations Act, 66 of 1995, the Protection of Personal Information Bill of 2005 and the National Archives and Record Service of South Africa Act, 1996, where the applicable organization is a public body. Also included are the various statutes which require all organizations to comply with the following:
- Retain between 150 and 400 “records” for prescribed periods of time
- Not to destroy the paper originals of certain records
- Not to destroy records which are subject to requests for access under PAIA
- To manage records in accordance with the National Archives and Record Service of South Africa Act (if a public sector organization) and possibly the critical database provisions of the ECT Act (once the Regulations are promulgated)
- Determine who may "process" "personal information" in order to comply with the Information Protection Principles outlined in the Protection of Personal Information Bill.
Three South African national standards are applicable to all organisations, namely, SANS 15489 (records management), SANS 15801 (electronic imaging) and SANS 17799 (information security).