Legal

PAIA Manual

Prepared in terms of the Promotion of Access to Information Act 2 of 2000 and the Protection of Personal Information Act 4 of 2013.

Canonical artefact metadata

Owner
CyberSec Legal and Trust Office
Approver
CyberSec Executive Governance
Version
1.0.0
Last reviewed
2026-04-20
Next review due
2026-10-20

Manual details

CyberSec Consultants (Pty) Ltd

Last updated: 30 April 2026

Purpose of this PAIA Manual

This PAIA Manual is intended to assist members of the public, clients, data subjects, regulators, and other interested parties in understanding how to request access to records held by CyberSec Consultants and how CyberSec Consultants processes personal information in accordance with POPIA.

Organisation details

  • Legal / Trading Name: CyberSec Consultants (Pty) Ltd
  • Information Regulator Registration Number: 2025-066570
  • Organisation Type: Private Organisation
  • Private Organisation Type: Private Company
  • Website: https://www.cybersec.co.za
  • Email: info@cybersec.co.za
  • Telephone: +27 (0)10 140 6535
  • Physical Address: 1 Wedgewood Link Road, Bryanston, Sandton, Johannesburg, South Africa, 2191
  • Postal Address: 1 Wedgewood Link Road, Bryanston, Sandton, Johannesburg, South Africa, 2191

Information Officer details

  • Information Officer: Nathan Dominique Desfontaines
  • Designation: Managing Director
  • Appointment Date: 30 June 2021
  • PAIA requests: info@cybersec.co.za
  • Telephone: +27 (0)10 140 6535
  • Physical / Postal Address: 1 Wedgewood Link Road, Bryanston, Sandton, Johannesburg, South Africa, 2191
  • Deputy Information Officers: CyberSec Consultants has not appointed any Deputy Information Officers at this stage.
  • Admin Officers: CyberSec Consultants has not appointed any Admin Officers at this stage.

Availability of the PAIA Guide

The Information Regulator has published a PAIA Guide to assist members of the public in understanding how to exercise rights under PAIA.

The PAIA Guide is available at https://www.inforegulator.org.za. It may also be requested from the Information Regulator using contact details published on the Regulator website.

A copy of the PAIA Guide, in at least two official languages where required, will be made available for inspection at CyberSec Consultants principal place of business during normal business hours.

Records Automatically Available

Where records are already publicly available, a requester does not need to submit a formal PAIA request to access them.

  • Website content published at https://www.cybersec.co.za
  • Public company information
  • Service descriptions and marketing material
  • Public contact information
  • Published policies, notices, and public-facing legal documents
  • Publicly available thought leadership, articles, and awareness material
  • PAIA Manual and privacy-related notices published on the website

A notice of categories of records automatically available without request is provided through this PAIA Manual and on the CyberSec Consultants website.

Records Available in Terms of Other Legislation

CyberSec Consultants may hold records required or permitted under the following legislation, to the extent applicable to business operations.

  • Companies Act 71 of 2008
  • Basic Conditions of Employment Act 75 of 1997
  • Labour Relations Act 66 of 1995
  • Employment Equity Act 55 of 1998
  • Income Tax Act 58 of 1962
  • Value-Added Tax Act 89 of 1991
  • Electronic Communications and Transactions Act 25 of 2002
  • Protection of Personal Information Act 4 of 2013
  • Promotion of Access to Information Act 2 of 2000
  • Cybercrimes Act 19 of 2020
  • Occupational Health and Safety Act 85 of 1993
  • Consumer Protection Act 68 of 2008, where applicable

Subjects and Categories of Records

  • Corporate and governance records
  • Financial and tax records
  • Client and service delivery records
  • Human resources records
  • Information security records
  • Legal and compliance records
  • Marketing and website records

Processing of Personal Information

CyberSec Consultants processes personal information for legitimate business, operational, legal, contractual, and security purposes, including service delivery, contracting, client management, billing, supplier and workforce administration, lawful compliance, and protection of information assets.

Data Subjects, Personal Information, and Recipients

  • Data subjects may include clients, client representatives, suppliers, employees, contractors, website users, advisers, and regulators.
  • Personal information may include contact, contractual, billing, technical contact, correspondence, and employment-related information where applicable.
  • Recipients may include authorised CyberSec personnel, clients, advisers, service providers, and regulators where lawful and necessary.
  • CyberSec Consultants does not sell personal information.

Transborder Flow and Security Measures

CyberSec Consultants may use cloud, email, hosting, and collaboration systems that involve processing or storage outside South Africa. Where personal information is transferred outside South Africa, reasonable steps are taken to ensure lawful transfer and appropriate safeguards.

Security controls may include, where applicable, least privilege access control, authentication controls, multi-factor authentication, secure configurations, endpoint protection, encryption, backup, logging, monitoring, vulnerability management, contractual controls, and incident response processes.

Request procedure

  1. Submit a PAIA request in the prescribed PAIA form through the published PAIA intake route.
  2. Provide sufficient requester, record, and contact details required by PAIA.
  3. Identity and authority checks are performed before disclosure.
  4. Where applicable, permissible fees, timelines, and access limits are communicated in writing.

Grounds for refusal

  • Protection of privacy of third parties
  • Protection of commercial and confidential information
  • Protection of safety or security
  • Protection of legal privilege and research information
  • Records relating to legal proceedings or restricted by applicable law

Availability and annual reporting

  • This PAIA Manual is available at https://cybersec.co.za/docs/paia-manual and for inspection at principal place of business during normal business hours.
  • The Manual is available on request from the Information Officer and on the Information Regulator eServices portal where required.
  • CyberSec Consultants submits annual PAIA reporting to the Information Regulator as required.
  • For the 2025/26 financial year, no formal PAIA access requests were received during the reporting period.
  • A printable copy is available via browser print-to-PDF, and a PDF copy can be requested from the Information Officer.

Was this page helpful?

Trust and legal

Trust and legal baselinePrivacy notice (POPIA)PAIA ManualCookie and tracking noticeWebsite termsSecurity testing authorizationPlatform termsResponsible disclosure