IRD: Service Provider/Consultant - PoPI Implementation Policy

IRD SA NPC
Please note: this opportunity closing date has passed and may not be available any more.
Opportunity closing date: 
Monday, 27 September, 2021
Opportunity type: 
Call for proposals

TERMS OF REFERENCE FOR THE APPOINTMENT OF A SERVICE PROVIDER TO DEVELOP, IMPLEMENT AND CONDUCT MAINTENANCE OF A COMPREHENSIVE PROTECTION OF PERSONAL INFORMATION POLICY AND IN COMPLIANCE WITH THE PROTECTION OF PERSONAL INFORMATION ACT.

IRD SA NPC
Block A, 1st Floor, 36 Wierda Road West 
Wierda Valley, Sandton 
South Africa
2192

JUNE 2021

TABLE OF CONTENTS

1.     BACKGROUND.. 2
2.     OBJECTIVES. 2
3.     SCOPE OF WORK. 2
4.     TIMEFRAME. 3
5.     REQUIRED QUALIFICATIONS OF CONSULTANT/COLLABORATOR.. 4
6.     PROPOSAL SUBMISSION.. 4

1. BACKGROUND

Interactive Research and Development South Africa (IRD SA NPC) is a South African Section 21 not-for-profit entity and an affiliate of Interactive Research and Development Global (IRD Global) and has fully operational offices in Johannesburg (Gauteng), Pretoria (Tshwane), Durban (KwaZulu-Natal) and Worcester (Cape Winelands, Cape Town).

2. OBJECTIVE 

The objective of this Terms of Reference (ToR) document is to seek the services of a service provider to offer guidance for the complete development and implementation of a Protection of Personal Information (POPI) policy in compliance with legislative requirements. 

3. SCOPE OF WORK

The scope of work entails the following: 

  • Provide the means to ensure all IRD SA staff have the necessary awareness and training on the POPI Act.
  • Conduct a full review of all IRD SA policies, processes and procedures that involve the collection and processing of personal information and propose remedial action to mitigate.
  • Strategically review IRD SA data protection including the level of compliance with Protection of Personal Information Act (POPIA).
  • Provide a review and draft necessary updates to contractual relationships with third-party service providers who process personal data on behalf of IRD SA.
  • Provide a review and draft necessary updates to disclaim the terms and conditions under which current or potential registered service providers provide personal information to IRD SA.
  • Considering this review, identify any gaps in compliance with the requirements of applicable data protection laws, including but not limited to POPIA.
  • Develop a POPI and POPIA manual and related policies.
  • Identify any exemptions for which IRD SA needs to apply under POPIA and draft the applications.
  • Identify and list the necessary training interventions to ensure IRD SA staff are suitably skilled and informed about POPIA requirements.
  • Identify and draft any necessary relevant updates to the risk register for IRD SA.
  • Provide a list of necessary additional actions to ensure full compliance with the requirements of data protection laws applicable to IRD SA’s activities and operations.
  • Strategically review IT cybersecurity vulnerabilities at IRD SA.
  • Review and draft necessary updates to IRD SA’s ICT, cybersecurity and related policies, procedures, and other internal documentation.
  • Draft an emergency recovery plan in the event of a breach of cybersecurity.
  • Draft a list of necessary additional short-term actions to ensure adequate cybersecurity at IRD SA.
  • Develop a road map of long-term activities to enhance IRD SA’s future cybersecurity position.
  • Identify and list the necessary training interventions to ensure IRD SA’s IT technical team and all staff are suitably skilled and informed.
  • Give a final presentation of the findings to the IRD SA Executive Management.

 4. TIMEFRAME

The services stated above will need to be rendered over a period of [3months] period commencing on the date of the signing of the TOR.

5. REQUIRED QUALIFICATIONS OF CONSULTANT/COLLABORATOR 

Interested individuals/Institutions/Firms should possess:

  • Completed a bachelor’s degree in LLB and admitted attorney or related field.
  • Accredited member of the Compliance Institute of South Africa.
  • Completed a Business Management Degree or a related field.
  • Good knowledge of the legal requirements and procedures.
  • 3-5 years‘ experience in operational risk management. 
  • Strong oral and written communications skills.  
  • Highly analytical with a strong attention to detail.
  • Exemplary time management skills
  • Possess a collaborative personality.

 6. PROPOSAL SUBMISSION  

Interested service providers should send / hand deliver / post or courier their proposals to the address below by 27/09/2021 
 
For more information, kindly send an email to:
Name : Mr C Makombe
Email  : charles.makombe@ird.global
 
All documents must be submitted to: 

Name          :        Mr C Makombe
Address     :        Block A, 1st Floor, 36 Wierda Road West 
Wierda Valley, Sandton 
South Africa
2192

Location: 
Sandton

NGO Services

NGO Services

NGO Events

S M T W T F S
 
 
 
 
 
1
 
2
 
3
 
4
 
 
6
 
7
 
8
 
 
10
 
 
12
 
13
 
14
 
15
 
16
 
17
 
18
 
19
 
20
 
21
 
22
 
23
 
24
 
25
 
 
27
 
28
 
29
 
30
 
31