The NIST Cybersecurity Framework (CSF) 2.0
The NIST Cybersecurity Framework (CSF) 2.0 provides guidance to industry, government agencies, and other organizations to manage cybersecurity risks. It offers a taxonomy of high-level cybersecurity outcomes that can be used by any organization — regardless of its size, sector, or maturity — to better understand, assess, prioritize, and communicate its cybersecurity efforts. The CSF does not prescribe how outcomes should be achieved. Rather, it links to online resources that provide additional guidance on practices and controls that could be used to achieve those outcomes. This document describes CSF 2.0, its components, and some of the many ways that it can be used.
From Guidance to Action: Exploring Practical Enterprise Risk Management
COSO’s “From Guidance to Action: Exploring Practical Enterprise Risk Management” (2026) focuses on making ERM decision‑useful rather than compliance‑driven. It argues that strategy and risk are inseparable and that ERM should influence real choices, not just generate registers, heat maps and RCSAs. The paper introduces ten ERM operating disciplines, including linking strategy and risk, treating value creation as a required outcome, making risk appetite usable, managing risk as a portfolio, prioritising decisions over documentation, measuring value not activity, and embedding ERM into business rhythms. It emphasises lightweight, decision‑led practices: clear trade‑offs, ranges, triggers and ownership at key decision points. Through personas, case examples and a practitioner “translation guide”, it shows how organisations can apply the COSO ERM Framework under real constraints to provide clearer choices, earlier pivots, fewer surprises and stronger board confidence.
Indlulamithi South Africa Scenarios 2035
The Indlulamithi South Africa Scenarios 2035 explores three plausible futures for South Africa between 2024 and 2035, built from 26 high‑impact, high‑uncertainty variables and a refined social cohesion barometer. “Hadeda Home” imagines a fragile, compromise-driven democracy with sluggish reform; “Vulture Culture” depicts a populist, authoritarian, economically stagnant and crime‑ridden narco‑state; and “Weaver Work” portrays a cooperative nation with effective coalitions, green and inclusive growth, institutional renewal and social mobilisation. The scenarios aim to inform long‑term, evidence‑based planning and galvanise collective action across sectors.
KING V Code on Corporate Governance – Background, Objectives and Key Changes
The King V background paper explains that the review of King IV responds to a far more complex context, including climate change, social inequality, geopolitical instability, digital disruption and evolving sustainability reporting standards. The objectives were to align with new regulatory and reporting developments, simplify and clarify the Code, and standardise disclosure via a separate Disclosure Framework. Key changes include reducing the principles from 17 to 13, sharpening recommended practices, clarifying independence criteria and committee composition, strengthening the governance of data, information and technology (especially AI), and explicitly adopting double materiality for sustainability disclosures.
King V Code on Corporate Governance – Disclosure Framework
The King V Disclosure Framework operationalises the “apply and explain” regime by prescribing how organisations must disclose application of the Code’s principles, exceptions on recommended practices, and conclusions on the four governance outcomes. It requires governing body approval, annual review and publication alongside other external reports, and allows cross‑referencing to integrated and other reports to avoid duplication. For each of the thirteen principles, it sets out an exception declaration plus specific qualitative disclosures, focused on satisfaction statements, key activities, and governance judgements needed for stakeholders to assess the quality of governance.
King V on Corporate Governance – Foundational Concepts
The King V Foundational Concepts document explains the definition and purpose of corporate governance, positioning it as ethical and effective leadership aimed at four governance outcomes: ethical culture, performance and value creation, conformance and prudent control, and legitimacy. It clarifies King V’s voluntary legal status, its universal principles and proportional, outcomes-based practices, and the “apply and explain” disclosure regime supported by a dedicated Disclosure Framework. The paper sets out underpinning philosophies of systems value, integrated thinking, Ubuntu-Botho, corporate citizenship, stakeholder inclusivity, double materiality and integrated reporting as core lenses for interpreting and applying the Code.
King V Code on Corporate Governance on a Page
King V on a Page distils the Code into thirteen principles that define what governing bodies should achieve through good governance practices. These principles cover ethical and effective leadership, organisational ethics, sustainable value creation, transparent reporting, and a well‑balanced governing body with clear delegation to committees and management. They also address governance of risk, compliance, data, information and technology, fair and responsible remuneration, assurance, and stakeholder inclusivity. Together, these principles, supported by recommended practices, aim to realise four governance outcomes: ethical culture, performance and value creation, conformance and prudent control, and legitimacy.
King V Code on Corporate Governance for South Africa 2025
King V sets out an outcomes-based corporate governance code for South Africa focused on ethical culture, sustainable performance and value creation, prudent control and legitimacy within the organisation’s economic, social and environmental context. It defines universally applicable principles supported by flexible, proportional recommended practices rather than rigid rules, under an “apply and explain” disclosure regime. The Code emphasises ethical and effective leadership, integrated thinking, responsible corporate citizenship, stakeholder inclusivity and robust oversight of risk, technology, remuneration, assurance and stakeholder relationships to support long-term systems value creation.
KING V CODE ON CORPORATE GOVERNANCE FOR SOUTH AFRICA (Draft)
The King V Code on Corporate Governance for South Africa establishes a comprehensive framework for ethical and effective leadership, emphasising integrated thinking and sustainable value creation within economic, social, and environmental contexts. It defines corporate governance as the pursuit of four main outcomes—ethical culture, performance, conformance, and legitimacy—through the actions of the governing body. Critical principles include ethical leadership, balanced governing body composition, clear delegation, and robust risk and compliance management. The Code advocates stakeholder inclusivity and responsible corporate citizenship grounded in Ubuntu philosophy, guiding organisations to create value for both themselves and broader society. Governance practices are structured around steering the organisation, approving policies, overseeing management, and ensuring accountability. The Code mandates an outcomes-based, “apply and explain” disclosure approach, allowing for proportional adaptation based on an organisation’s size and complexity. It addresses essential domains: ethics, strategy, reporting, risk, compliance, stakeholder management, information governance (including emerging technologies like AI), assurance, and remuneration. Organisations are encouraged to implement leading practices, foster diversity and competence, and ensure independent oversight of committees, with transparency and continuous evaluation central to its application.
Directive in respect of Cybersecurity and Cyber-resilience within the National Payment System
In terms of section 10(1)(c) of the South African Reserve Bank Act 90 of 1989, as amended (SARB Act), the South African Reserve Bank (SARB) is required to perform such functions, implement such rules and procedures, and, in general, take such steps as may be necessary to establish, conduct, monitor, regulate and supervise payment, clearing and settlement systems.
Furthermore, the NPS Act provides for the management, administration, operation, regulation and supervision of payment, clearing and settlement systems in the Republic of South Africa, and for connected matters. The power to perform the functions as provided in the SARB Act and the NPS Act is performed by the National Payment System Department (NPSD) within the SARB. The SARB plays an important role in ensuring the safety, efficiency and resiliency of the national payment system (NPS).