Neftaly Human Capital Computing Management Policy, Procedures, Processes, Templates, Documents and Forms NeftalyP104

Document Code: NeftalyP104
Approved By: Chief Executive Officer (CEO)

Date Approved: 06 November 2025

Review Date: 28 November 2026

NeftalyP104-1 Overview

NeftalyP104-1-1 The Neftaly Human Capital Computing Management Policy (NeftalyP104) establishes the governance framework for the secure, efficient, and responsible management of all computing resources within Neftaly Human Capital.
This includes hardware, software, networks, data storage systems, cloud solutions, and other IT assets used to support Neftaly’s Royal Divisions, programs, and operations.

The policy ensures that computing resources are used ethically, securely, and efficiently in alignment with Neftaly’s digital transformation objectives and Royal governance standards.

NeftalyP104-2 Purpose

NeftalyP104-2-1 The purpose of this policy is to:

NeftalyP104-2-1-1 Ensure secure and optimal use of Neftaly computing assets.
NeftalyP104-2-1-2 Define roles and responsibilities for managing computing infrastructure.
NeftalyP104-2-1-3 Promote compliance with information security and data protection standards.
NeftalyP104-2-1-4 Protect Neftaly’s digital systems against misuse, loss, and cyber threats.
NeftalyP104-2-1-5 Support continuous improvement, innovation, and sustainability in computing practices.

NeftalyP104-3 Scope

NeftalyP104-3-1 This policy applies to:

NeftalyP104-3-1-1 All Royal Directors, Deputy Chiefs, Officers, and Human Capital Members using Neftaly computing resources.
NeftalyP104-3-1-2 All Neftaly-owned or managed computers, servers, mobile devices, networks, and applications.
NeftalyP104-3-1-3 Vendors, contractors, and partners with access to Neftaly computing systems.
NeftalyP104-3-1-4 All Royal Divisions, including operations, training, communication, and research systems.

NeftalyP104-4 Policy Statement

NeftalyP104-4-1 Neftaly commits to maintaining an efficient, secure, and ethical computing environment.
All computing resources must be used for legitimate Neftaly purposes, in accordance with legal requirements, internal security protocols, and ethical principles.
Unauthorized or improper use of computing systems is strictly prohibited and subject to disciplinary or legal action.

NeftalyP104-5 Principles

NeftalyP104-5-1 Integrity – Maintain data and system accuracy, consistency, and reliability.
NeftalyP104-5-2 Security – Protect computing assets from unauthorized access, breaches, and misuse.
NeftalyP104-5-3 Efficiency – Use computing resources responsibly to maximize performance and minimize waste.
NeftalyP104-5-4 Compliance – Adhere to all Neftaly ICT, data protection, and cyber governance policies.
NeftalyP104-5-5 Innovation – Promote adoption of emerging technologies for organizational advancement.

NeftalyP104-6 Procedures and Processes

NeftalyP104-6-1 Computing Resource Allocation

NeftalyP104-6-1-1 Computing resources (hardware, software, network access) are allocated by the Royal ICT Division under supervision of the Chief Human Capital Officer (CHCO).
NeftalyP104-6-1-2 All allocations must be recorded in the NeftalyT104-01 Computing Asset Register Template.
NeftalyP104-6-1-3 Only authorized users with official roles may access Neftaly systems.

NeftalyP104-6-2 Software and System Usage

NeftalyP104-6-2-1 All software installations must be approved by the Royal ICT Division.
NeftalyP104-6-2-2 Unauthorized installation, modification, or removal of programs is prohibited.
NeftalyP104-6-2-3 The NeftalyF104-01 Software Access Request Form must be used for new or special system access.

NeftalyP104-6-3 Data Management and Backup

NeftalyP104-6-3-1 All data must be stored on authorized Neftaly servers or cloud systems.
NeftalyP104-6-3-2 Daily automated backups must be maintained and verified weekly.
NeftalyP104-6-3-3 Data backup procedures are documented in the NeftalyT104-02 Data Backup and Recovery Plan Template.

NeftalyP104-6-4 System Security and Access Control

NeftalyP104-6-4-1 Each user must have a unique login and password compliant with Neftaly Password Management Policy (NeftalyP346).
NeftalyP104-6-4-2 System access must be revoked immediately upon termination or role change.
NeftalyP104-6-4-3 Security logs must be reviewed monthly by the Royal ICT Officers.

NeftalyP104-6-5 Network and Internet Usage

NeftalyP104-6-5-1 Neftaly’s network and internet access are to be used for official business only.
NeftalyP104-6-5-2 Prohibited uses include:
- Accessing or sharing inappropriate or non-business content.
- Bypassing network security controls or using unauthorized devices.
NeftalyP104-6-5-3 Violations will result in disciplinary actions under the Royal Disciplinary Procedures.

NeftalyP104-6-6 Hardware and Device Management

NeftalyP104-6-6-1 Devices (laptops, desktops, tablets, mobile phones) must be inventoried using NeftalyT104-03 Hardware Control Template.
NeftalyP104-6-6-2 All hardware repairs and disposals must be authorized through NeftalyF104-02 Device Service Request Form.
NeftalyP104-6-6-3 Obsolete or damaged devices must be disposed of under the Neftaly Disposal Management Policy (NeftalyP155).

NeftalyP104-6-7 Incident Response

NeftalyP104-6-7-1 Any computing or security incident (e.g., data breach, malware attack, unauthorized access) must be reported immediately using the NeftalyF104-03 Computing Incident Report Form.
NeftalyP104-6-7-2 The Royal ICT Division will investigate and recommend preventive actions.
NeftalyP104-6-7-3 A post-incident report must be filed and reviewed by the CHCO.

NeftalyP104-6-8 Continuous Improvement

NeftalyP104-6-8-1 The ICT Division shall review computing performance quarterly and propose updates or system upgrades.
NeftalyP104-6-8-2 The CHCO will ensure compliance audits and sustainability practices are maintained.

NeftalyP104-7 Roles and Responsibilities

Role	Responsibilities
Chief Executive Officer (CEO)	Provides final approval of computing policies and resources.
Chief Human Capital Officer (CHCO)	Oversees computing operations and compliance.
Royal ICT Directors	Manage computing systems, network infrastructure, and cyber risk.
Deputy Chiefs	Supervise officers and ensure policy adherence within divisions.
Officers	Maintain asset records, monitor usage, and report issues.
Human Capital Members	Use computing systems responsibly and report incidents promptly.

NeftalyP104-8 Documentation and Templates

Code	Document / Template Name
NeftalyT104-01	Computing Asset Register Template
NeftalyF104-01	Software Access Request Form
NeftalyT104-02	Data Backup and Recovery Plan Template
NeftalyT104-03	Hardware Control Template
NeftalyF104-02	Device Service Request Form
NeftalyF104-03	Computing Incident Report Form
NeftalyD104-01	ICT Operations Report Document
NeftalyR104-01	Computing Performance Review Report

NeftalyP104-9 Compliance and Enforcement

NeftalyP104-9-1 All users must comply with Neftaly’s ICT, Privacy, and Confidentiality Policies.
NeftalyP104-9-2 Unauthorized system access, data breaches, or misuse of computing assets will result in disciplinary or legal action.
NeftalyP104-9-3 The Royal Audit Committee will conduct biannual compliance audits.

NeftalyP104-10 Review and Evaluation

NeftalyP104-10-1 This policy will be reviewed annually by the Chief Human Capital Officer (CHCO) and Royal ICT Director.
NeftalyP104-10-2 The review will ensure alignment with technological advances, legal updates, and Neftaly’s digital strategy.

NeftalyP104-11 References

NeftalyP104-11-1 Neftaly Information Security Policy
NeftalyP104-11-2 Neftaly Password Management Policy (NeftalyP346)
NeftalyP104-11-3 Neftaly Confidentiality Management Policy (NeftalyP108)
NeftalyP104-11-4 Neftaly Data Protection and Privacy Policy (NeftalyP370)
NeftalyP104-11-5 Neftaly Disposal Management Policy (NeftalyP155)

NeftalyP104-12. FAQs

What is the purpose of the Neftaly Human Capital Computing Management Policy (NeftalyP104)?
Who does NeftalyP104 apply to within the organisation?
Why is human capital computing important at Neftaly?
How does NeftalyP104 support organisational governance?
What key risks does NeftalyP104 aim to control?
Who is responsible for enforcing this policy?
How often is NeftalyP104 reviewed and updated?
What legislation aligns with NeftalyP104?
How does NeftalyP104 support data-driven HR decisions?
What is meant by “human capital computing” in Neftaly?
Is compliance with NeftalyP104 mandatory?
What penalties apply for non-compliance with NeftalyP104?
How does NeftalyP104 link to Human Capital Strategy?
How does the policy support operational efficiency?
Who approves changes to NeftalyP104?
What role does technology play under NeftalyP104?
How does NeftalyP104 protect employee data?
What departments are impacted by this policy?
How does NeftalyP104 enhance performance management?
How does this policy align with Neftaly Corporate Governance?
What are the responsibilities of the Board under NeftalyP104?
What is the role of the COO in human capital computing?
What are the duties of the Human Capital Manager?
What are system users responsible for?
Who manages HR systems access control?
What are line managers’ responsibilities under NeftalyP104?
What role does IT play in this policy?
What responsibilities do employees have for data accuracy?
Who audits human capital computing systems?
Who is accountable for system failures?
Who manages data security and backups?
Who authorises system updates?
Who ensures compliance with POPIA and data laws?
Who manages performance analytics systems?
Who handles payroll computing systems?
Who manages training and development systems?
Who controls system user permissions?
Who resolves system access disputes?
Who reports system risks to management?
Who enforces corrective actions?
Who is allowed to access human capital computing systems?
How is system access requested?
What form is used for user access approval?
Who approves system access requests?
How are temporary users managed?
What happens when an employee exits Neftaly?
How often are access rights reviewed?
What is the process for password management?
Are shared system logins allowed?
How are access violations handled?
What is multi-factor authentication used for?
How is system misuse detected?
What happens if login credentials are compromised?
How are audit logs maintained?
Who can modify user access levels?
How is system access revoked?
What disciplinary action applies to misuse?
How is remote system access managed?
Can contractors access HR systems?
How is access documented?
What type of data is stored in human capital systems?
How is employee data captured?
Who is responsible for data accuracy?
How often is data verified?
What is the procedure for correcting data errors?
How are historical staff records stored?
How long must HR records be retained?
How are electronic records protected?
What is the process for document archiving?
How is sensitive personal data protected?
Who may access confidential HR information?
How is data encryption applied?
What is the protocol for data sharing?
When may data be disclosed externally?
How is data transferred securely?
How is duplication of records prevented?
How are backups performed?
How often are backups tested?
What happens in case of data loss?
How is data disposal handled?
How does NeftalyP104 regulate payroll systems?
Who manages payroll system inputs?
How are payroll changes authorised?
How are overtime records captured?
How are leave records integrated into payroll?
How are deductions processed?
How are payroll audits conducted?
How are payroll system errors corrected?
How is payroll data security ensured?
How are salary adjustments processed?
Who approves payroll runs?
How are payroll reports generated?
How are tax computations managed?
How is PAYE recorded in systems?
How are UIF and statutory deductions captured?
What controls prevent payroll fraud?
How is payroll reconciliation done?
How long are payroll records stored?
How are payroll disputes resolved?
How is payroll compliance monitored?
What is the purpose of performance management computing systems?
Who manages the performance management system?
How are Key Performance Indicators (KPIs) captured?
How often is performance data updated?
Who approves performance scorecards?
How is performance data validated?
How are performance reviews recorded digitally?
How is supervisor input captured in the system?
How are employee self-assessments recorded?
How are performance gaps identified through the system?
How is underperformance flagged in the system?
How are corrective actions linked to performance data?
How are promotions supported by performance analytics?
How is performance history retained?
How does the system support disciplinary decisions?
How are performance bonuses calculated?
How is performance fairness monitored electronically?
How are appeals recorded in the system?
How is performance data protected?
How are performance system audits conducted?
How are training needs captured in the system?
Who inputs training requests?
How is the skills development database managed?
How does the system support Workplace Skills Plans?
How are training approvals processed electronically?
How are training attendance records captured?
How is training completion verified?
How are training certificates stored digitally?
How is training effectiveness evaluated electronically?
How are training budgets tracked in the system?
How are learnerships recorded on the system?
How are internships managed through computing platforms?
How is compliance training tracked?
How are accredited courses recorded?
How are external training providers captured?
How is SETA reporting supported by the system?
How is training data submitted for audits?
How long are training records retained?
How is learner progress monitored?
How is training return-on-investment analysed?
How does NeftalyP104 govern recruitment systems?
How are job vacancies captured electronically?
Who approves electronic vacancy postings?
How are applications received and stored?
How is applicant data protected?
How are shortlisting records captured?
How are interview scores recorded?
How are background checks documented digitally?
How are appointment approvals captured?
How are offer letters generated through the system?
How are declined applicants recorded?
How is recruitment turnaround time tracked?
How are recruitment compliance audits supported?
How is recruitment data archived?
How is fairness monitored electronically in recruitment?
How are recruitment reports generated?
How are recruitment disputes logged?
How are recruitment system access levels controlled?
How is recruitment system downtime managed?
How is recruitment data integrated into HR records?
How are leave applications submitted electronically?
Who approves electronic leave requests?
How is sick leave captured on the system?
How is family responsibility leave recorded?
How are annual leave balances calculated?
How are public holidays programmed into the system?
How is overtime captured electronically?
How is time and attendance monitored?
How are biometric records managed?
How is clocking data reconciled with payroll?
How are absenteeism trends analysed?
How are attendance violations flagged?
How are attendance reports generated?
How is leave data audited?
How is leave abuse prevented through system controls?
How are study leave records managed?
How are special leave categories recorded?
How is remote attendance tracked?
How are attendance disputes resolved?
How long are attendance records retained?
What is system interoperability in human capital computing?
Which systems are integrated under NeftalyP104?
How is payroll linked to HR master data?
How is performance data linked to training systems?
How is recruitment data migrated into employee records?
How are duplicate employee numbers prevented?
How is master data governed?
How is data synchronisation managed?
How are integration errors identified?
Who resolves data interface failures?
How often is system integration tested?
How are system upgrades coordinated?
How is integration security enforced?
How are third-party systems approved for integration?
How is data transfer logged?
How are integration risks assessed?
How is system downtime communicated?
How is business continuity supported by integration?
How is disaster recovery supported by system integration?
How is integration compliance audited?
How does NeftalyP104 ensure compliance with labour legislation?
How are statutory reports generated electronically?
How is compliance evidence stored digitally?
Who is responsible for legal compliance on HR systems?
How are compliance deadlines programmed into systems?
How are BCEA requirements supported by the system?
How are LRA compliance records maintained?
How is EEA reporting supported electronically?
How is COIDA data managed digitally?
How are UIF records captured and reported?
How are POPIA requirements enforced within HR systems?
How is employee consent recorded digitally?
How are legal audits supported by HR systems?
How are labour inspections supported electronically?
How are disciplinary case records stored securely?
How are grievance records managed digitally?
How are CCMA case records archived?
How is legal correspondence stored and tracked?
How is compliance risk flagged by the system?
How are compliance breaches escalated electronically?
How is HR computing risk identified?
How are system-related HR risks assessed?
How are HR system risk registers maintained?
Who owns HR computing risks?
How are risks categorised in the system?
How are mitigation controls embedded into HR systems?
How are high-risk transactions flagged?
How is segregation of duties enforced digitally?
How are access risks monitored?
How are audit trails used for risk control?
How are fraud risks detected electronically?
How are system overrides controlled?
How are abnormal transactions escalated?
How is risk reporting generated?
How are risk reviews scheduled?
How are system failures recorded as risks?
How are cyber risks linked to HR systems?
How are business risks integrated with HR risks?
How are vendor system risks managed?
How are HR computing risks reviewed by management?
How is HR computing audited?
How often are HR systems audited?
Who conducts HR computing audits?
How are audit scopes defined?
How are audit findings captured electronically?
How are audit action plans monitored?
How are repeat audit findings prevented?
How are audit reports approved and stored?
How are system logs used in audits?
How is continuous monitoring implemented?
How are exception reports generated?
How are audit trails preserved?
How is audit independence safeguarded?
How are forensic audits supported by the system?
How are surprise audits supported electronically?
How are audit outcomes communicated?
How are audit recommendations enforced?
How is audit readiness maintained?
How are external audits supported?
How is audit compliance measured?
How does NeftalyP104 support POPIA compliance?
How is personal employee data classified?
How is sensitive HR data encrypted?
Who may access confidential employee records?
How is data access logged?
How are data breaches detected?
How are data breaches reported?
How are breach investigations documented?
How is employee data anonymised where required?
How is consent withdrawal processed?
How is data subject access managed?
How are correction requests handled electronically?
How are data retention limits enforced?
How is data destruction automated?
How is HR data backed up securely?
How is off-site backup protected?
How is cloud HR data secured?
How are third-party data processors governed?
How is data privacy training tracked?
How is ongoing privacy compliance monitored?
How is HR system cybersecurity governed?
How are firewalls configured for HR systems?
How is multi-factor authentication enforced?
How are cyber threats monitored?
How are malware risks mitigated?
How are phishing attacks detected?
How are security incidents recorded?
How are security breaches escalated?
How is vulnerability testing conducted?
How are penetration tests scheduled?
How are security patches managed?
How are antivirus systems monitored?
How are privileged accounts controlled?
How is remote system access secured?
How are mobile HR systems protected?
How are backup systems tested?
How is system restoration tested?
How are cyber governance reports generated?
How are security compliance audits supported?
How is continuous cybersecurity improvement maintained?
How are HR computing assets recorded in the asset register?
How are laptops issued to HR staff?
How are desktops allocated to HR offices?
How are HR system servers managed?
How is hardware lifecycle tracked?
How is HR equipment maintained?
How are faulty HR devices reported?
How are HR assets written off?
How is HR equipment insured?
How is physical security of HR computing assets ensured?
How are HR computer rooms access-controlled?
How is power backup provided for HR systems?
How is network uptime monitored for HR systems?
How are HR printers managed and secured?
How are scanners used for HR document digitisation?
How are HR biometric devices managed?
How are asset audits conducted?
How are stolen HR assets reported?
How are lost HR devices deactivated?
How is asset disposal conducted securely?
How are HR system vendors approved?
How are HR software licenses managed?
How are licensing compliance audits conducted?
How are vendor SLAs defined?
How are SLA performance indicators measured?
How are SLA breaches reported?
How are penalties for SLA breaches applied?
How are vendor contracts reviewed?
How are HR system upgrades approved?
How are third-party HR systems integrated?
How are data sharing agreements governed?
How are vendor background checks conducted?
How are vendor access rights controlled?
How is vendor performance evaluated?
How are vendor-escalated issues managed?
How are vendor payments linked to performance?
How are emergency vendor support requests handled?
How are vendor contracts archived?
How are vendor risk assessments conducted?
How is vendor exit managed?
How are HR system changes requested?
How are system change requests evaluated?
How are change impacts assessed?
How are change approval committees constituted?
How are user acceptance tests conducted?
How are HR system upgrades tested?
How is parallel system running managed?
How are staff trained on new system changes?
How are system changes communicated?
How are failed system changes rolled back?
How are emergency system changes approved?
How are change logs maintained?
How are system patches deployed?
How are version controls maintained?
How are change-related incidents managed?
How are lessons learned documented?
How are obsolete system functions retired?
How is change resistance managed?
How are continuous improvements prioritised?
How is post-change evaluation conducted?
How is HR system disaster recovery defined?
How are HR disaster recovery plans developed?
How often are disaster recovery plans tested?
How are HR critical systems classified?
How are recovery time objectives determined?
How are recovery point objectives determined?
How are HR system backups validated?
How is off-site disaster recovery activated?
How are HR operations restored after failure?
How is communication handled during system disasters?
How are temporary manual HR processes activated?
How is payroll continuity ensured during outages?
How are leave systems operated during downtime?
How is recruitment processing maintained during outages?
How are training records protected during disasters?
How are HR disaster roles assigned?
How are disaster drills conducted?
How are disaster recovery gaps addressed?
How is business continuity reporting done?
How are post-disaster reviews conducted?
How is HR data extracted for analysis?
How are HR dashboards configured?
How are turnover reports generated?
How are absenteeism trends analysed?
How is workforce planning supported by analytics?
How are training impact reports produced?
How is performance data analysed?
How are promotion trends analysed?
How are equity targets monitored electronically?
How are succession planning reports created?
How are remuneration analysis reports generated?
How are overtime trends monitored?
How are contract expiry alerts generated?
How are disciplinary trend reports compiled?
How are grievance trends analysed?
How is employee engagement measured digitally?
How are HR forecasting models developed?
How are predictive analytics used in HR?
How are HR analytics risks managed?
How is HR data integrity ensured for analytics?
How is digital transformation aligned with HR strategy?
How are manual HR processes identified for automation?
How are business cases for HR automation developed?
How are robotic process automation (RPA) tools approved?
How is automation risk assessed in HR computing?
How are automated HR workflows tested?
How is user acceptance ensured for automated processes?
How are automated payroll controls validated?
How are automated recruitment systems governed?
How is automation monitored for system errors?
How are automation performance metrics measured?
How are automation exceptions handled?
How is automation security ensured?
How are automation roles and responsibilities assigned?
How are automation training needs identified?
How are automation changes documented?
How are automation-related incidents reported?
How are automation upgrades managed?
How is automation ROI evaluated?
How is automation aligned with POPIA compliance?
How are e-learning platforms integrated with HR systems?
How are staff training records synchronised electronically?
How are learning completion reports generated?
How are digital certificates stored securely?
How are LMS user roles managed?
How are LMS access approvals processed?
How are online assessments secured?
How are remote training sessions monitored?
How is bandwidth managed for virtual HR training?
How are LMS outages handled?
How are training compliance audits conducted electronically?
How are skills gap analytics generated digitally?
How are learning paths automated?
How are succession readiness levels updated from LMS data?
How are professional development hours tracked digitally?
How are external training providers integrated electronically?
How is learner data protected on e-learning platforms?
How are LMS performance benchmarks measured?
How are LMS upgrades approved?
How are LMS vendor contracts managed?
How are HR electronic document standards defined?
How are digital personnel files created?
How are scanned documents verified for accuracy?
How are metadata standards applied to HR records?
How are HR records indexed for retrieval?
How are electronic filing structures governed?
How are HR document access permissions managed?
How are HR documents version-controlled?
How are electronic document retention rules applied?
How are obsolete electronic HR records disposed of?
How are electronic records audits conducted?
How are e-discovery requests processed?
How are litigation hold notices implemented?
How are HR documents protected from unauthorised alteration?
How are document backups verified?
How are electronic HR records restored if corrupted?
How are audit trails maintained for HR documents?
How are mobile document scans secured?
How are cloud-based HR documents governed?
How are inter-departmental HR document exchanges secured?
How is HR system performance monitored?
How are system uptime metrics measured?
How are response time benchmarks established?
How are system bottlenecks identified?
How are load testing exercises conducted?
How are performance alerts configured?
How are system optimisation plans developed?
How are database performance issues resolved?
How is system capacity planning conducted?
How are peak usage periods managed?
How are system crashes logged and analysed?
How are recurring performance issues escalated?
How are performance audit reports compiled?
How are performance improvements verified?
How are performance baselines updated?
How are system health dashboards maintained?
How are user performance complaints addressed?
How are system stress tests scheduled?
How are hardware upgrades aligned with performance needs?
How is third-party system performance monitored?
How is artificial intelligence governed in HR systems?
How is machine learning used in talent analytics?
How are AI recruitment tools validated for fairness?
How is algorithmic bias monitored?
How are chatbots deployed for HR queries?
How is AI decision transparency ensured?
How are biometric advancements evaluated?
How are blockchain technologies considered for HR records?
How is cloud-native HR architecture governed?
How are mobile-first HR systems approved?
How are wearable technologies assessed for HR use?
How are smart attendance systems governed?
How are digital identity systems secured?
How is AI ethics enforced in HR computing?
How is automation maturity measured?
How are future technology risks assessed?
How is HR innovation funded?
How are HR technology pilots conducted?
How are pilot results evaluated for scalability?
How is continuous HR technology modernisation governed?

NeftalyP104-13. Approval

Approved By:
Neftaly Malatjie
Chief Executive Officer