Protection of Personal Information Act, 2013
R 385.00
National Strategic Intelligence Act, 1994 (Act No. 39 of 1994)RegulationsElectronic Communications Security Needs Analysis Regulations, 20142. Objectives of the Electronic Communications Security Needs Analysis |
| 2.1 | The main objective of the electronic communications security needs analysis is to ensure that critical electronic communications and infrastructure of organs of State are identified, protected and secured. |
| 2.2. | To this end, the Agency shall undertake an electronic communications security needs analysis to determine the electronic communication security status and the required protection of critical electronic communication and infrastructure of all organs of the state. |
| 2.3 | The Agency may procure the services of an external auditing and/or project management professional to assist it with the needs analysis of electronic communications of organs of state, if such assistance will not jeopardise national security and national interest of the Republic. |
| 2.4 | The electronic communications security needs analysis entails an information gathering exercise whereby a needs analysis in the form of a request for information contained in a questionnaire shall be distributed to all organs of state. This requires organs of state to initially provide a written response to a series of questions contained in the questionnaire. If necessary, the Agency will complement written responses to the questionnaire through on-site or offsite interviews. |
| 2.5 | Upon receipt of the written responses to the questionnaire and/or on-site interviews or off-site interviews, the Agency shall perform a preliminary electronic communications security needs analysis of each organs of state. Should it so determine, the Agency shall conduct a more detailed assessment of the relevant organs of state's individual electronic security status, including but not limited to— |
| 2.5.1 | On-site inspection and testing of its current electronic communications infrastructure; |
| 2.5.2 | Interviews with relevant officials within a particular organ of state regarding its security policies, procedures and standards, security management structures, and security custodianship, roles and responsibilities; |
| 2.5.3 | Any other methodology required for ascertaining the effectiveness of the network perimeter security; |
in order to determine the electronic communications security systems, products and services and the functionality and interoperability levels of the products currently used by an organ of state.
| 2.6 | Each organ of state will be individually assessed based on its compliance with certain electronic communications security requirements. Once the analysis is completed, the Agency will submit its recommendations to the relevant organ of state in the form of a report with findings and recommendations. |
