This letter serves to confirm that both the PT-Scan and PT-Guest visitor management solutions developed and supported by Powell Tronics (Pty) Ltd, are compliant with the South African Act 4 of 2013: Protection of Personal Information (POPI) in terms of meeting the stipulated regulations regarding the manner in which personal identification data is captured, stored, utilised and discarded.
Being aware of the SA government's proposed enforcement of the POPI Act in 2020, Powell Tronics has endeavoured over the last 18 months to develop and implement multiple security layers and features to both the PT-Scan and PT-Guest solutions. By employing a phased approach, we were able to implement security features onto existing sites during the standard upgrades without negatively affecting a live site and gradually enforcing them in the next release giving the sites ample time to accommodate the new requirements. The final security layer for PT-Guest will be enforced in Q2 of 2020, whereby any PT-Guest site using the visitor Pre-authorisation feature will have to have SSL (Secure Sockets Layer) implemented on their publicly accessible PT-Guest domain in order to access their pre-authorise portals (web browser or mobile apps).
Note: Secure Sockets Layer or SSL is the standard security technology protocol for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the 2 sockets is confidential. By convention, websites that require an SSL connection start with https: instead of http:
Other security features or levels that have already been implemented in either or both systems include but are not limited to:
Neither visitor, contractor nor resident data is stored on the handheld license scanners. All contractor company and resident destination is retrieved from the web server upon each request
Access to the scanner’s config is password protected with a rolling password
Encrypted data transfer from handheld license scanners to servers over Wi-Fi
Encrypted data transfer from within the web pre-authorise portal to the PT-Guest Web server, i.e. visitor's name and contact details
– Please note that data captured in the logon screen of the web portal (username and password) is only securable by implementing SSL which remains the responsibility of the site or their respective installer or IT service provider to implement
Mobile applications (Android or iOS) have to comply with the mobile OS manufacturers’ GDPR requirements in order to be available on the respective app stores
– Apps that do not comply either don’t get published or get disabled until they have been corrected by the developer and re-verified by the App stores
2-step PT-Guest API authentication for 3rd Party integrators, each with their own unique integrator ID that is required to authenticate against a secure Powell Tronics web service
“Purge Visitor” function is available in the PT-Guest app whereby Visitor data can be manually purged by date of capture
– I.e. all visitors that were captured 6 months ago and have not returned to site since will be purged during this manual process
– Please note that this function does not Archive the data, it discards it completely from the database
All resident and contractor company information can only be captured within the access control system and is retrieved on a need basis
Reporting is accessible to administrators only using an alternate web address (PT-Guest IXP) or defined by user level captured in access control system (PT-Guest Portal)
Databases and systems are username and password protected
As indicated above, Powell Tronics strives to ensure that our systems are secure and in line with industry security trends and will continue to implement additional security levels or features as vulnerabilities present themselves. However, with PT-Scan and PT-Guest being on premise solutions rather than cloud based, it is also imperative that the site on which it is installed ensure that all necessary security measures are in place, with the assistance of the installer or networking service provider.
These security measures include but are not limited to:
SSL implementation on the publicly accessible web portals
Change default systems passwords
Secure network on site (Wi-Fi for scanners, access control network)
Access control and visitor management server to be stored in secure location (i.e. not in reception or guard house)
Limit the number of users that have access to the access control and visitor management server and/or work stations
Unique usernames and passwords for users (audit trail purposes)
Ensure that system backups are done elsewhere on the network rather than to an external drive that permanently resides on the server
Define proper procedures and regular timelines for archiving of visitor data
Please note an extract from our solutions' Software License Agreement that must be agreed to on system installation.
Protection of personal information
In terms of South African Act No.4 of 2013: Protection of Personal Information Act, 2013 (POPI) it is a criminal offence to use the information in this system for any other purpose than which the visitor gave express consent. You as a user of the system will be personally liable for any information extracted, exported or withdrawn from this system. The law explicitly prohibits further processing of information that is not in line with the original purpose for which the visitor gave consent. To comply, this system encrypts data and protects it with passwords and user rights. You as end user will be accountable for what you do with the data in this system. You are required to put measures in place to ‘take appropriate, reasonable, technical organisational measures’ to protect personal information.
This also applies if you are a reseller or consultant installing this software for a client, the responsibility is on you to make your client aware of this legal responsibility.
We hope the above information satisfies any POPI compliance concerns regarding our bespoke visitor management solutions. Should there be any further queries, please feel free to contact us.
0861 PT Sale
0861 PT Help