Your governing body is
personally accountable
for cybersecurity.

CLASP helps small and mid-size FSPs get and stay compliant with Joint Standards 1 and 2. Practical, proportionate, and built for the way your business actually works.

Talk to us — no obligation
Who we work with
We understand your perspective

The Joint Standards are complex, but compliance doesn't have to be. We offer stakeholder-specific engagement, ensuring that every department and leader receives the targeted insights needed for full regulatory alignment.

Compliance Officer
You know the obligation exists. You need someone to deliver it.
You need a structured partner who can produce the documentation, run the testing programme, and give you something concrete to present to the board.
"I know we're not compliant. Where do we even start?"
Director / Governing Body
You approved the MSP contract. That is not enough.
JS2 §4.1 places personal accountability on you. That means approving a framework, receiving reports, and being able to demonstrate, not just assert, that controls are in place.
"What exactly does the FSCA expect from our board?"
CEO / Business Owner
You run a well-managed business. JS2 should not feel like a crisis.
Getting this right is achievable for a well-run FSP of your size. It requires the right expert, not a large internal team or a full-time CISO.
"Is this really as serious as they say? How much work is it?"
Quick self-assessment
Benchmark Your Regulatory Readiness?

Select the position that sounds most like your institution. We'll tell you what it means and what to do next.

Take a quick self-assessment test here
1
Starting out
JS2 is on the radar but nothing structured has begun. No board-approved framework, no asset inventory, no incident response plan.
2
In progress
An MSP is in place and some policies exist, but no JS2 framework has been produced and the board hasn't formally approved anything.
3
Documented but unverified
Documentation exists but hasn't been independently reviewed and controls haven't been tested. It's unclear whether what's on paper reflects reality.
4
Compliant but ageing
The institution was in good shape at a point in time, but the annual review required by JS2 §6.2.2 has lapsed and documentation no longer reflects current operations.
5
Actively maintained
The framework is board-approved, controls are tested on schedule, the MSP is overseen through a defined process, and the annual review is running.
Not started Actively maintained
How we help
Qualified Insight. Independent Objectivity

CLASP is an advisory practice. We assess, document, and oversee—we do not deliver technical controls. That separation is deliberate: it keeps our advice unbiased, your audit findings defensible, and your regulatory posture transparent.

Full compliance engagement
Gap analysis against all JS1 and JS2 requirements, full documentation pack, MSP contract review, and governing body presentation. Built from scratch and delivered in around six weeks.
For positions 1 and 2
Review and verification
Independent review of existing documentation. We close the gaps, re-establish the annual review cycle required by JS2 §6.2.2, and brief the governing body.
For positions 3 and 4
Ongoing vCISO retainer
Annual independent framework review, quarterly MSP oversight, tabletop exercises, governing body reporting, and incident response support, without a full-time CISO.
For all positions
Get in touch
Let's start with a conversation.

No obligation. No pressure. Just clarity on where you stand and what, if anything, needs to happen next.

We respond within one business day. No spam, ever.

Email
info@clasp.co.za
Phone
087 087 8749
Office
102 Howard Terraces, Pinelands, 7405