The PPS IT strategy is reviewed by the Group Risk Committee (GRC) and progress is tracked regularly through formal published project plans. This strategy is reviewed annually and progress is highlighted for the GRC along with any adjustments that may have resulted from changed business strategies or environmental developments. This strategy is also regularly reviewed to ensure its alignment with business priorities.
PPS Group IT applies the standards recommended by the Information Technology Infrastructure Library (ITIL). ITIL is a set of good practices for IT service management that focuses on aligning IT services with the needs of business. These standards describe procedures, tasks and checklists that are not organisation-specific and are recommended to be used for establishing a minimum level of competency. They allow the organisation to establish a baseline from which it can plan, implement and measure. They are used to demonstrate compliance and to measure improvement.
PPS Group IT performs annual ITIL maturity reviews, which are presented to the GRC. Additionally, KPMG IT Advisory regularly performs IT controls audits, King IV governance audits and an internal security ethical hack. These reviews are intended to provide the PPS Insurance Board with independent assurance on the effectiveness and state of internal controls, as well as confidence in the ability of IT to deliver the approved strategies.
PPS understands and respects that PPS members’ privacy is important to them. PPS limits the collection of personal information to what is necessary. We use and share personal information provided to us by members only in ways that we inform members of. PPS takes all reasonable security measures to prevent personal information from being used and shared for other purposes.
The information security objective is to develop a cost-effective strategy that is in alignment with the PPS Group IT and business strategic objectives. The goal is to deliver this through effective risk management where the investment in the relevant security controls is proportional to the risk exposure. The value delivery of information security is realised through the secure enablement of new business initiatives and the standardisation of the environment from a controls perspective, thereby reducing the number of incidents related to malicious code and unauthorised end-user modification of systems.