Act no: N/A

Type: Principle-based Code

Purpose: Establish principles for good corporate governance, focusing on ethical leadership, performance, effective control, and legitimacy.

Listed companies on the Johannesburg Stock Exchange (JSE).

The governing bodies and leadership of those organizations, particularly those that are listed on the JSE or are large public entities.

• Technology and information oversight: Governing bodies must oversee integration of technology with people and processes, ensuring resilience, cyber incident response, and third-party risk management [Principle 12]
• Information security architecture: Governing bodies must ensure information confidentiality, integrity, and availability through effective architecture and continuous monitoring [Principle 12]
• Risk governance integration: Technology and information risks must be embedded in overall risk management frameworks [Principle 11]
• Combined assurance: Cyber-related risks and controls should be covered under a combined assurance model to validate the integrity of internal and external reports [Principle 15]
• Compliance oversight: Governance structures must ensure compliance with relevant cyber-related laws and standards [Principle 13]

N/A

N/A

Failure to meet King IV disclosures may weaken stakeholder confidence and could influence regulatory audits and oversight findings.

Trust in an organisation can be damaged, including loss of investor confidence, damage to the organization’s image, and potential loss of business.

CyberProfiler: Your External Vulnerability Scan

Performs a safe, external scan of your public digital footprint to detect security weaknesses visible to attackers.

• Technology and information oversight: Proactive external threat monitoring contributes to effective cyber incident response and third-party risk awareness [Principle 12]
• Risk governance integration: Identified vulnerabilities inform risk assessments and business continuity planning [Principle 11]

DMARC: Stop Email Spoofing and Protect Your Brand

Enforces domain-based email authentication to block spoofing, stop phishing, and boost email deliverability.

• Information security architecture: Enhances integrity and trustworthiness of email communication [Principle 12]
• Compliance oversight: Supports adherence to anti-spoofing email regulations and best practices [Principle 13]

• IoDSA: King IV Report → https://www.iodsa.co.za/page/KingIVReport
• Michalsons: King IV toolkit fit for King IV

(Links verified and active as of May 2025)

Where appropriate, we link to Michalsons’ expertly maintained legal resources and plain-language explanations. We gratefully acknowledge their role in making South African legislation more accessible and understandable.