A responsible party is required to ensure that operators which process personal information for the responsible party, secures the integrity and confidentiality of personal information in its possession or under its control (i.e. subcontractors) by taking appropriate, reasonable technical and organisational measures to prevent loss of, damage to or unauthorised destruction of personal information; and unlawful access to or processing of personal information.
The POPIA platform maintains a record of operator (i.e. service providers, application system vendors, cloud computing vendors, contractors and other third parties) compliance with contractual obligations, including the technical and organisation measures the operator must implement in accordance with generally accepted information security practices and procedures (e.g. Prudential Standard GOI 5, SARB Directive 2/2019, FSCA's Treating Customers Fairly (TCF), ISO 27701, NIST SP 800-53 Rev. 4).