You are correct to question the overlap. A PAIA Manual mainly deals with access to information and POPIA-related compliance obligations. An Information Security Policy is broader and operational. It focuses on how the organisation protects information assets, systems, networks, and digital infrastructure internally.

So yes, it is still highly recommended for LuminaLeap Technologies, especially as a cybersecurity and digital solutions company.

Information Security Policy

Purpose

LuminaLeap Technologies (Pty) Ltd is committed to protecting its information assets, digital systems, infrastructure, and client information against unauthorised access, disclosure, disruption, modification, or destruction.

Objectives

The objectives of this policy are to:

  • Protect the confidentiality, integrity, and availability of information
  • Reduce information security risks
  • Support business continuity and operational resilience
  • Promote secure information handling practices
  • Support compliance with legal and contractual obligations

Scope

This policy applies to:

  • Employees and contractors
  • Third-party service providers
  • Information systems and infrastructure
  • Cloud services and hosting platforms
  • Physical and digital information assets

Information Classification

Information may be classified according to sensitivity and business impact, including:

  • Public Information
  • Internal Information
  • Confidential Information
  • Restricted Information

Access Control

Access to systems and information is granted based on:

  • Business need
  • Authorised approval
  • Role-based access principles

Users are responsible for maintaining the confidentiality of their credentials.

Asset Protection

LuminaLeap Technologies implements safeguards including:

  • Secure configurations
  • Anti-malware protection
  • Encryption technologies
  • Backup and recovery mechanisms
  • Security monitoring
  • Network protection controls

Incident Reporting

Information security incidents or suspected weaknesses must be reported immediately to authorised personnel or:
security@luminaleap.tech

Acceptable Use

All systems and devices must be used responsibly and in accordance with organisational policies and applicable laws.

Third-Party Risk

Third-party suppliers and partners handling information on behalf of LuminaLeap Technologies may be required to implement appropriate security measures and confidentiality obligations.

Business Continuity

LuminaLeap Technologies aims to maintain continuity of critical services and implement recovery measures in the event of security incidents or operational disruptions.

Compliance

Failure to comply with this policy may result in disciplinary action, suspension of access, legal action, or termination of agreements where applicable.

Policy Review

This policy may be reviewed periodically to ensure ongoing relevance and effectiveness.