ComplyBar - AI Data Leak Prevention & Compliance Intelligence
AI Data Leakage & Compliance Risk Assessment
Governance Risk Assessment - Sample Report
Organisation: Ndaba & Associates (Pty) Ltd
Industry: Accounting & Financial Services
Staff Count: 12 users, 1 branch
Report Date: 11 June 2026
⚠ RISK LEVEL: HIGH - Immediate action required across multiple governance areas
Confidential - Prepared for Management Use Only - ComplyBar Governance Intelligence Platform
ComplyBar assessed Ndaba & Associates across 5 governance domains using 57 structured questions. The current AI data leakage and compliance risk score is 35/100 (HIGH RISK). Implementing the recommended actions could raise the score to 62/100 (MEDIUM RISK). Three critical vulnerabilities require immediate attention.
Overall Risk Score
A score below 40 indicates significant exposure to data leakage, regulatory risk and reputational harm. This organisation has gaps across multiple critical areas that require immediate attention.
Scale: 0 = Critical Risk | 50 = Medium Risk | 100 = Low Risk
📈 Projected Score After Remediation
Implementing the 8 priority actions below is projected to raise your score to 62/100, moving from HIGH to MEDIUM risk within 30 days.
Domain Score Breakdown
| Governance Domain | Score | Risk Level |
| --- | --- | --- |
| POPIA & Data Governance | 28 | High Risk |
| AI Tool Usage | 18 | High Risk |
| Document & File Handling | 41 | Medium Risk |
| Email & Communication | 52 | Medium Risk |
| Staff Behaviour | 38 | High Risk |
AI Tool Usage and POPIA Governance scored below 30, indicating critical gaps. Document handling and email behaviour require urgent policy and process controls.
Key Findings - 10 Issues Identified
| # | Severity | Finding |
| --- | --- | --- |
| 1 | Critical | Staff are pasting client contracts and ID documents directly into ChatGPT. No monitoring, policy or audit trail in place. |
| 2 | Critical | No designated Information Officer appointed. POPIA compliance obligations are unmet and the business is exposed to regulatory action. |
| 3 | Critical | Payroll records are stored in a shared Google Drive folder accessible by all staff. No access controls or permission audit. |
| 4 | High | Personal Gmail accounts are used routinely for sending client documents. No email policy or confidentiality disclaimers exist. |
| 5 | High | Former employee accounts are still active and able to access company files and client databases. |
| 6 | High | No documented data breach response plan. The organisation would not know how to notify the Information Regulator if required. |
| 7 | Medium | Staff have not received POPIA training. Awareness of data handling obligations is low across the organisation. |
| 8 | Medium | Cloud storage links are shared externally as 'anyone with the link'. 34 folders identified as publicly accessible. |
| 9 | Medium | WhatsApp groups are used to share ID numbers and banking details with clients and third parties. |
| 10 | Low | Two-factor authentication is not enabled on email or cloud platforms. Accounts are vulnerable to unauthorised access. |
Priority Action Plan
| # | Timeline | Action |
| --- | --- | --- |
| 1 | Immediate | Appoint an Information Officer and register with the Information Regulator |
| 2 | Immediate | Disable all former employee accounts within 24 hours |
| 3 | Week 1 | Restrict payroll folder access to HR and finance staff only |
| 4 | Week 1 | Issue an AI tool usage policy prohibiting client data in ChatGPT/Claude |
| 5 | Week 2 | Enable 2FA on all business email and cloud platform accounts |
| 6 | Week 2 | Run a POPIA awareness session with all staff |
| 7 | Month 1 | Audit all external cloud sharing links and remove public access |
| 8 | Month 1 | Implement a data breach response procedure and test with management |
Recommended Next Step
RECOMMENDED PACKAGE
Business Monitoring
R999/month
Up to 30 users • AI monitoring • Manager approval workflows • Advanced reporting • POPIA alerts • Audit logging
YOUR 14-DAY ASSESSMENT
Start with a full 14-day monitored assessment to validate these findings with real usage data. Your organisation gets a complete governance baseline before committing to a subscription.
Assessment from R750
Payment by EFT • Report delivered online
This is a sample report. Your actual report will reflect your specific company, staff, AI tool usage patterns and data handling practices. Scores and findings are generated from your responses to 57 structured governance questions.
Privacy note: ComplyBar uses metadata and self-assessment responses only. No email content, document body text or message content is ever stored or transmitted.
Contact: complybarsales@oursystem.live 081 427 5777 | www.complybar.co.za