Evolutionary Awards 2025 – ICTS Legal Services: evolution in advice

Category: Evolutions in advice

Describe your evolution:

ICTS Legal Services has created an unprecedented collaboration with DataGr8 and the Cyber Security Institute (CSI) to bring to market a fully automated, independent and technically advanced Joint Standard 2 cybersecurity and cyber resilience offering, making the role of the trustee and their providers efficient and effective, allowing for not just compliance with the Joint Standard but a focus on strong cybersecurity too.

Describe the impact your evolution has had in response to its identified challenges and targeted outcomes.

1. Executive Summary

ICTS Legal Services (Pty) Ltd has revolutionised cybersecurity compliance in South Africa’s retirement fund industry through its pioneering Cyber Risk Assessment System (CRAS) and strategic collaborations. Launched in response to Joint Standard 2 of 2024 on Cybersecurity and Cyber Resilience, our solution delivers automated, independent monitoring and auditing that ensures ongoing regulatory adherence.

By partnering with DataGr8 for cutting-edge automation and Cyber Security Institute (CSI) for specialised technical expertise, we offer a cost-effective, scalable service that combines deep pension law knowledge with advanced cyber defences. This entry showcases how our unique approach empowers retirement funds to mitigate risks, achieve compliance, and protect member data efficiently, setting a new benchmark for innovation in financial services.

2. Company Overview and Services

Founded in 2018 as an independent legal consultancy within the ICTS Group (established 1995), ICTS Legal Services specialises in retirement fund governance, compliance, and risk management. Our team provides niche services including contract drafting, regulatory responses, litigation support, and fiduciary training.

Unlike traditional firms, we operate on a flexible, variable-cost model, free from high overheads, making expert advice accessible to funds of all sizes.

3. Our Unique Offering

Recognising the urgent need for cybersecurity resilience amid rising threats – such as the 18% increase in spyware attacks in South Africa (Mail & Guardian, 2023) and high profile breaches like the 2025 Australian pension fund hacks – we have developed a comprehensive service for Joint Standard 2 compliance. Effective from June 1, 2025, this standard mandates financial institutions, including retirement funds, to implement robust policies, conduct regular testing, manage third-party risks, and ensure independent assessments proportional to their size and complexity.

Our core offering includes:

• Independent reviews of third-party service provider responses.
• Automated gap analysis and trustee board reporting.
• Ongoing monitoring, incident management, and staff training.
• Alignment with related laws like POPIA for data privacy.

This service is delivered through phased implementation: initial assessments, continuous monitoring via dashboards, and annual training, all tailored to trustee constraints.

4. Innovation

At the heart of our innovation is the unique collaboration with DataGr8, a South African cybersecurity leader founded in 2009, specialising in data archiving, migrations, and compliance solutions. Together, we co-developed CRAS, an automated platform that streamlines data capture, risk assessment, and reporting. This partnership integrates DataGr8’s advanced security tools with our legal expertise, creating a seamless, objective system for ongoing compliance.

Complementing this is our alliance with CSI, which brings world-class, independent technical skills in cybersecurity assessments and threat mitigation. CSI’s experience supporting sectors like aerospace and defence ensures our solutions incorporate defence-in-depth strategies, multi-factor authentication, and vulnerability testing.

This collaboration allows us to offer independent assessments – a key requirement of Joint Standard 2 – without conflicts of interest, as we remain unaffiliated with mainstream administrators or asset managers.

Automation is a cornerstone: CRAS features user-friendly dashboards for real-time monitoring, automated questionnaires for third-party vendors, and AI-driven gap analysis that reduces manual effort by up to 50%. For instance, it captures responses from service providers, generates compliance reports, and flags risks instantly, enabling funds to address vulnerabilities proactively.

This allows us to deliver cost effectiveness by minimising labour-intensive processes. Our practical approach demystifies technical complexities for trustees. Pension experts lead the team, translating cyber requirements into actionable plans, while CSI’s specialists handle intricate details like penetration testing and assessments.

This blend of technical prowess and automation has accelerated implementation. Recent enhancements include integration with ICTS Academy for a fully online Joint Standard 2 course (@ just R500 per learner), further emphasising accessibility and efficiency.

5. Conclusion

ICTS Legal Services exemplifies innovation through unique collaborations with DataGr8 and CSI, delivering an automated, cost-effective cybersecurity solution with unmatched technical skills. CRAS not only ensures Joint Standard 2 compliance but also empowers retirement funds to thrive in a threat-laden environment. Our commitment to independence, efficiency, and excellence positions us as a leader in transforming legal services for the financial sector. We are proud to submit this entry, confident in our contributions to a safer, more resilient industry.

Supporting Documentation >