Plain-English definitions of the terms you'll meet using digital forms in South Africa — from FICA and POPIA to dual-layout architecture and OTP authentication. Bookmark this page; share definitions with your team.
A tamper-evident record of every action taken on a document or form — who opened it, who signed it, what IP and device they used, and when. A defensible audit trail is what turns an electronic signature from a picture-of-a-signature into evidence. FlexForms embeds the audit trail directly inside the generated PDF so it can't be detached from the signed document.
The South African statute that sets minimum employment conditions: working hours, leave entitlements (annual, sick, family responsibility, maternity), notice periods, and so on. HR forms — especially leave applications, employment contracts, and onboarding — must align with BCEA requirements. The FlexForms Leave Application template is BCEA-aligned.
A contract between a data controller (your business) and a data processor (a vendor like FlexForms) that sets out exactly how personal information will be handled, secured, and returned or deleted. Required under POPIA whenever you let a third party process personal information on your behalf. FlexForms ships a standard DPA on every paid plan and supports custom DPAs on Enterprise.
A structured risk assessment you perform before starting a new project or process that involves personal information. A DPIA documents what data you're collecting, why, who has access, what could go wrong, and how you've mitigated those risks. Recommended (and in some cases required by the Information Regulator) for high-risk POPIA processing. FlexForms Enterprise includes DPIA templates and breach-notification automation.
A form-design pattern, native to FlexForms, where the on-screen capture form and the resulting PDF are designed independently from a shared field schema. The capture screen is optimised for thumbs and small screens (one field per scroll, big tap targets); the PDF is laid out like a proper document with letterhead, sections, and professional typography. Most form tools tightly couple these two surfaces, forcing a compromise — FlexForms decouples them so the recipient gets a great mobile UX and the business gets a great document.
The South African statute that governs electronic transactions. Most relevantly for forms, ECTA section 13 recognises electronic signatures as legally valid where (a) the signing method identifies the person and indicates their intent and (b) the method is reliable and appropriate to the purpose. FlexForms strengthens reliability with OTP-verified identity and an embedded audit trail. A small number of document types (wills, certain property transfers, bills of exchange) are excluded from ECTA and still require wet-ink signatures — covered in detail in our e-signature legal guide.
Any data attached to or logically associated with an electronic document that's intended to function as a signature. In practice that ranges from typed name in an email signature line, through a finger-drawn signature on a tablet, up to a cryptographically bound advanced electronic signature backed by a SAAA-accredited certificate authority. ECTA recognises all of these as valid for ordinary business contracts — what changes is how easy each is to dispute. FlexForms produces a strong ordinary electronic signature: drawn signature plus OTP-verified phone or email plus IP/device metadata plus tamper-evident audit trail.
The South African anti-money-laundering statute. It requires "accountable institutions" (banks, attorneys, estate agents, FSPs, casinos, accountants, and others listed in Schedule 1) to verify the identity of clients before transacting, keep records of those verifications, and report suspicious activity. The verification process is informally called "doing a FICA". The FlexForms FICA / KYC template covers the standard FICA fields: identity document, proof of address, source of funds, and PEP declaration.
The international term for the customer-verification process. In South Africa, KYC obligations are codified in FICA, but the term "KYC" is used more broadly — for example in fintech onboarding, crypto exchanges, or B2B due diligence where FICA technically doesn't apply but the same verification practices are followed.
The South African statute that requires employers to provide a safe working environment and to record & report workplace incidents. The FlexForms Incident Report template captures the data points needed for an OHSA-compliant incident record: time/place, persons involved, injuries, witnesses, immediate actions, root cause, and corrective measures.
A short numeric code, valid for a single sign-in or single transaction, sent over a separate channel (typically SMS, WhatsApp, or email) to verify that the person on the other end actually controls that phone number or email address. FlexForms uses OTPs to authenticate every form recipient before they can open and sign — turning a "click this link" into "click this link and prove you own this phone".
A person who holds (or recently held) a prominent public function — a head of state, senior politician, judge, military officer, senior executive at a state-owned enterprise — or a close family member or known associate of such a person. FICA requires accountable institutions to apply enhanced due diligence to PEPs because of the elevated risk of corruption and money laundering. FlexForms KYC templates include a PEP declaration field by default.
South Africa's general data-protection statute, broadly equivalent to the EU's GDPR. POPIA defines eight conditions for lawful processing of personal information (accountability, processing limitation, purpose specification, further processing limitation, information quality, openness, security safeguards, data subject participation) and gives data subjects rights of access, correction, and deletion. FlexForms includes POPIA basics on every plan: subject access, retention rules, deletion workflows, encryption, and an audit log. Enterprise adds DPIAs, breach automation, and extended retention.
The national tax collection authority. Many onboarding forms (employment, supplier, client) need to capture a SARS-issued tax reference number. FlexForms validates basic format on these fields and stores them as personal information under POPIA controls.