BUSINESS AND IT RISK ADVISORY SERVICES POWERED BY THE ADVANTAGE OF PRESCIENCE
Ironvault focuses on understanding the patterns and underlying mechanisms of governance, risk and compliance management. We are situated in South Africa where we are proud to have created an advanced creative, collaborative and open-minded business risk, information risk research and hands on services network sitting globally.
To drive the new era of consulting in the fourth industrial revolution, offering the most advanced business and information governance, risk and compliance services by using the power of technology and people to manage data more visually, easier, faster and more secure.
To shield integrity and information in business and on the internet
Make the right business decisions in real-time with our easy to use solution that provides a comprehensive integrated approach to governance, risk and compliance.
GOVERNANCE, RISK AND COMPLIANCE ROLL-OUT - Fast & Easy
Reassess the way your organisation pursues opportunity and manages risk with our integrated governance, risk and compliance platform. .
On 1 July 2020, South Africa’s Protection of Personal Information Act (POPIA) finally came into force, coming hot on the heels of other new privacy regulations, such as the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA). Most sections of the act are now officially law. But compliance isn’t mandatory until the remaining part of the legislation, which grants enforcement powers to South Africa’s new regulatory authority the Information Regulator, comes into effect on 1 July 2021. This means that, if your organization is subject to the POPIA, you only have a few months to comply.
POPIA only applies to companies based in South Africa or those that process personal data within South African borders. So, to check whether you need to comply, you’ll need to find out exactly where you’re processing personal data. This should include the whereabouts of not only your on-premises data centers but also your cloud-based deployments. Your cloud infrastructure will likely be the deciding factor, as both AWS and Microsoft Azure now have cloud regions in South Africa. So your company could well be using them in a bid to bring your data closer to African customers.
POPIA VS GDPR
Despite its slightly earlier origin, the POPIA is still very similar to the GDPR, sharing much the same guiding principles, including accountability, transparency, security, data minimization, purpose limitation and the rights of data subjects. In terms of how it defines personal data, the POPIA is more extensive than the GDPR, as it covers not only the information you collect about individuals but also about companies and other types of organization. This is a significant departure from other data privacy laws. So it’s not yet clear how exactly it’ll work in practice. However, as your first step to compliance, you should reflect the new legal requirements in your contracts with partners, suppliers and vendors.
As with the GDPR, the POPIA classifies a separate subcategory of personal data, known as special personal information, which is more sensitive and therefore subject to stricter requirements. This mainly relates to an individual’s:
• religious or philosophical beliefs,
• race or ethnic origin
• trade union membership
• political persuasion
• sex life or sexual orientation
• physical, physiological or behavioral characteristics (biometric data)
In addition, the POPIA applies to the personal data of any individual—regardless of their nationality. So while the GDPR is only designed to protect EU citizens, the POPIA protects anyone whose personal data is processed within South African territory or by a South African undertaking.
TRUSTED CONSULTING & ADVISORY SERVICES
INTERNAL AUDIT SERVICES
Our audit services is responsible for analyzing and assessing a companies infrastructure, business controls, third party suppliers, health and safety, financial, risks and security controls etc to ensure processes and systems run accurately and efficiently and meet compliance regulations.
Our audit services can be considered the process of collecting and evaluating evidence to determine whether the organisations goals are achieved effectively an is the business using resources efficiently.
CYBER SECUIRTY CONSULTANCY AND ADVISORY SERVICES
The unstoppable growth of cyber crime means organisations of all sizes need to rethink their approach to the virtual security of their sites and data.
Small, medium businesses, with less-stringent security measures fall prey to hackers. At best, a hacker may use your site as a ‘mule’ to send out spam. At worst, they use their skills to gain access to your bank account, or to steal your ideas.
Our strategic focus is to help build cyber resilient businesses that can not only protect themselves in cyberspace, but also swiftly recover froma cyber crisis and resume business operations when attacked.
We help businesses identify critical and data assets.
Conduct risk assessments.
Helping establish effective and appropriate controls.
Helping to create an effective incident response plan.
Train all staff.
GRC BLOCKCHAIN SERVICES
We provide technological expertise in blockchain architecture, deployment of smart contracts, development of decentralised apps and side chains for integrating multiple blockchains. We provide consultancy in cyptocurrency investments, ICO consultancy and integrating token with business models.
We have the ability deploy GRC applications that capture, learn and leverage data by fragmentation and unbundling of services.
Integrate end to end machine to machine communication. Leverage multiple chains and side chains.
Deploy smart contracts across different DLT's.
Incorprate p2p token economics.
AND COMPLIANCE SERVICES
Data governance isn’t solved in one corner of any business. It should be a collaboration between IT and business, who must consistently and collaboratively improve the trustworthiness and quality of your data to power key business initiatives and ensure regulatory compliance.
Our experts will offer your organisation a true enterprise data governance strategy and solutions that can be managed on-premises or in the cloud to meet the needs of both the business and IT.
We consider how prepared your organisation is and then look at areas that require improvement. Our specialists will make it possible for you to manage your security breach response on-site and remotely. Our experts will assist with the appropriate level of system defense to monitor threats and detect them along with the introduction of the right rules. We will collect evidence and provide plans linked to communicating and notifying of a any breach while ensuring you comply with regulations that affect your breach management.
We will provide training and awareness to ensure that your staff is capable of handling a data breach.
Enterprise risk management is a design-based business strategy that aims to identify, assess, and plan for any dangers, hazards, and other potentials for disaster—both physical and figurative—that may interfere with a businesses operations and objectives. The need for effective enterprise risk management ( ERM )is more important than ever. Events such as the global financial crisis or the ongoing COVID-19 pandemic highlight the far-reaching impacts of enterprise risk management and the consequences of management failure.
We will assist your organisation to navigate the new normal.
Our computer forensics is an application of investigation and analysis techniques to gather and preserve evidence from a particular computing device in a way that is suitable for presentation in a court of law. Our forensics experts assist in the investigation of crimes and cyber security incidents. In many cases, we work to recover hidden, encrypted, or deleted information related to the case.
We will safeguard the integrity of data by following a chain of custody that ensures its admissibility in court.
CYBER CRISIS TABLETOP EXCERCISES
Our Cyber Tabletop Exercise designed and run by CM-Alliance is a unique blend of verbal and visual simulation along with interactive discussions on an agreed cyber-attack scenario relevant to an organisation. Our cyber exercises are:
Conducted in a highly engaging and interactive format, ensuring maximum participation and highly relevant output and constructive discussions.
Structured as a combination of scenario walkthroughs and engaging and practical exercises.
Followed up with a comprehensive report with an easy-to-understand maturity scoring system.
We can run a full cyber incident response tabletop exercise either remotely or onsite. The only way you can determine if your incident response plans will work during a real crisis is to test them.
LEGAL RISK MANAGEMENT
Running a business means taking risks. The biggest risk a organisation can take is not to think about risks at all. It is therefore wise to identify the risks that a company is exposed to in order to control them where possible. In this way, costs can be saved and more profit generated. Risk management is an ongoing process that requires in-depth knowledge not only of a business, but also of the environment in which the business operates. This includes legal risks, as well as legal solutions to other types of risks a business can face on a daily bases.
Our legal risk management services will map the legal risks facing a company while keeping abreast of emerging regulations which can carry legal risks is essential, including those regulations which primarily relate to operations.
Risk is unavoidable are your staff members able to identify the risk in your business and outline a intelligent strategic precautionary action plan.
Our risk management training is to raise basic awareness of risk management concepts and mechanisms, to enable participants to identify and manage risks.
Development operations security
refers to the discipline and practice of safeguarding the entire Development operations environment through strategies, policies, processes, and technology. We believe security should be built into every part of the development operation lifecycle, including inception, design, build, test, release, support, maintenance, and beyond.
DevSecOps is a further development of the DevOps concept that, besides automation, addresses the issues of code quality and reliability assurance.
Our data management services are aimed at ingesting, storing, organizing and using data, which was created and collected by a company. Our data management services involves a practice of collecting, keeping, using data securely, efficiently, and cost-effectively. We provide a robust data management strategy for organisations that are increasingly relying on intangible assets to create value. Our data management services will allow organisations to effectively determine the cause of problems quicker.
Our data management service will allow organisations to visualize relationships between what is happening in different locations, departments,systems and deal with risks immediately in the business.