Compliance Is Not Optional.
POPIA fines run up to R10 million. A failed ISO 27001 audit costs months of rework and lost contracts. PCI-DSS non-compliance can shut down your payment processing entirely. The cost of getting compliant is always cheaper than the cost of getting caught. We handle the gap analysis, implementation, and certification so your business stays protected and keeps winning tenders.
What We Cover
POPIA Compliance
POPIA fines go up to R10 million or 10 years imprisonment. We audit your data practices, identify every gap, and fix them. Consent forms, processing agreements, breach notification procedures, retention schedules.
ISO 27001 Certification
ISO 27001 opens doors that are otherwise closed. We manage the whole journey: gap analysis against all 93 Annex A controls, risk assessment, policy development, implementation, and support through certification.
Risk Assessment
We identify your information assets, map threats, assess likelihood and impact, and give you a ranked risk register. That tells you where to spend your security budget first.
Policy Development
Policies people actually follow, not 80-page documents nobody reads. Information security, acceptable use, incident response, data classification, access control. Plain language, enforceable, aligned to your framework.
Audit Preparation
Evidence collection, control testing, documentation review, mock audit walkthroughs. Your team knows what to expect and what to show. No scrambling the night before.
Ongoing Compliance Management
Compliance isn't a certificate you frame and forget. Regulations change. Your business changes. New systems get deployed. Staff turn over. We monitor all of it: annual reviews, control effectiveness testing, policy updates, awareness refreshers. You stay compliant because someone is watching.
Frameworks We Implement
We implement them. Control by control. Audit by audit.
POPIA
Protection of Personal Information Act
- 8 conditions for lawful processing of personal information
- Mandatory Information Officer registration with the Regulator
- 72-hour breach notification requirement
- Data subject access request handling procedures
- Cross-border transfer restrictions and adequacy assessments
- Operator (third-party processor) agreements required
ISO 27001:2022
Information Security Management System
- 93 controls across 4 domains (Organisational, People, Physical, Technological)
- Risk-based approach to information security
- Statement of Applicability documenting control decisions
- Internal audit programme and management review
- Continual improvement through corrective actions
- 3-year certification cycle with annual surveillance audits
PCI-DSS
Payment Card Industry Data Security Standard
- 12 requirements across 6 control objectives
- Network segmentation and firewall configuration
- Encryption of cardholder data in transit and at rest
- Vulnerability management and penetration testing
- Access control and authentication requirements
- Monitoring, logging, and incident response
Gaps We Find in Almost Every Assessment
If any of these sound familiar, you're not alone. But you do need to fix them.
No data processing agreements with third-party vendors
POPIA non-compliance. Your vendors process personal data on your behalf without a legal agreement governing how they handle it.
Backup tapes stored offsite with no encryption
Physical theft of backups is a full data breach. No encryption means no protection if the tapes walk out the door.
No formal access review process
Former employees still have active accounts. Contractors retained access after projects ended. Nobody checks.
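A minimal version of the access review this gap calls for, added here as an illustration and not part of the consultancy's own tooling: it cross-checks an account export against the HR roster and contract end dates, and flags dormant accounts. The account list, roster and review date are constructed sample values.

```python
from datetime import date, timedelta

# Constructed sample data: an identity-provider account export (not from any real system)
ACCOUNTS = [
    {"user": "alice", "type": "employee", "last_login": "2024-05-20"},
    {"user": "bob", "type": "employee", "last_login": "2023-11-02"},    # left the company
    {"user": "carol", "type": "contractor", "last_login": "2024-05-18"},
    {"user": "dave", "type": "contractor", "last_login": "2024-01-09"},  # project ended
    {"user": "svc-backup", "type": "service", "last_login": "2024-05-21"},
]
# Constructed HR roster of current employees and contractor engagement end dates
HR_ACTIVE_EMPLOYEES = {"alice"}
CONTRACT_END_DATES = {"carol": "2024-12-31", "dave": "2024-02-28"}
REVIEW_DATE = date(2024, 5, 21)  # assumed date on which the review is run


def review_accounts(accounts, active_employees, contract_end_dates, today, dormant_days=90):
    """Return {user: [reasons]} for accounts that should be disabled or justified in writing."""
    findings = {}
    for acct in accounts:
        user, kind = acct["user"], acct["type"]
        reasons = []
        # Employee accounts must correspond to someone HR still lists as active
        if kind == "employee" and user not in active_employees:
            reasons.append("employee not on HR active roster")
        # Contractor accounts must be tied to an engagement that has not ended
        elif kind == "contractor":
            end = contract_end_dates.get(user)
            if end is None:
                reasons.append("contractor with no engagement on record")
            elif date.fromisoformat(end) < today:
                reasons.append(f"contract ended {end}")
        # Any account unused for longer than the threshold needs a justification
        if today - date.fromisoformat(acct["last_login"]) > timedelta(days=dormant_days):
            reasons.append(f"dormant for more than {dormant_days} days")
        if reasons:
            findings[user] = reasons
    return findings


def run_review():
    """Run the review over the constructed sample data."""
    return review_accounts(ACCOUNTS, HR_ACTIVE_EMPLOYEES, CONTRACT_END_DATES, REVIEW_DATE)


if __name__ == "__main__":
    for user, reasons in run_review().items():
        print(f"{user}: {'; '.join(reasons)}")
```

The output of each run is the evidence an auditor asks for: who was reviewed, when, what was flagged and what was done about it.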
Incident response plan exists but has never been tested
When a breach happens, your team reads the plan for the first time while under pressure. That's not a plan. That's a document.
Personal data retention with no defined schedule
You're storing data you're legally required to have deleted. The longer you keep it, the bigger the breach when it happens.
How We Get You Compliant
From gap analysis to certification. Structured path, no guesswork.
Gap Analysis
We assess your current state against the target framework. Every control gets evaluated: implemented, partially implemented, or missing. You get a clear picture of where you stand and how far you need to go.
Roadmap
Prioritised remediation plan with timelines, effort estimates, and dependencies. Quick wins first, then structural changes. You know what needs doing, in what order, and roughly what it costs.
Implement
We do the work, not just write the report. Policies drafted, controls configured, procedures documented, staff trained. Technical controls deployed and tested. This is where most consultants stop; we keep going.
Certify
Internal audit to validate readiness. Evidence packages compiled. Mock audit walkthroughs. Then we support you through the certification audit itself. We stay in the room and handle the technical questions.
Maintain
Annual surveillance audits, control effectiveness reviews, policy updates, new regulation monitoring. Compliance is a living system. We keep it alive so you don't wake up one day to find your certificate has lapsed.
Works Better Together
Compliance is stronger when it's backed by the right infrastructure and the right skills.
Cybersecurity
Security controls and compliance controls overlap heavily. Get both right at once instead of paying for two separate projects that cover the same ground.
Open Source
POPIA requires you to know where your data lives. Self-hosted open source gives you full data sovereignty and eliminates third-party processing risk.
Training
Compliance frameworks require staff awareness training. We deliver it as part of your programme so your team knows the rules before the auditor asks.
How compliant are you right now?
Free gap assessment. We'll tell you where you stand against POPIA, ISO 27001, or whatever framework applies to you. No obligations. Just clarity.