ICAEW.com works better with JavaScript enabled.

Guidance on cyber security

Read our latest guidance on cyber security.

A guide to operational resilience

Business and Management Faculty February 2021

A guide on what organisations need to do to design and embed a framework to deliver operational resilience, including guidance on how to audit operational resilience. The first of two papers on operational resilience for internal audit teams.

COVID-19 risk briefing

Premium Content: This is exclusive item - please log in or subscribe to view this item.

Professional Standards Department May 2020

Covid-19 is creating exceptional circumstances and while the country adjusts to life under lockdown, criminals are identifying ways to exploit the vulnerable at this time of uncertainty.

Coronavirus (COVID-19): tech considerations around home working

Tech Faculty March 2020

26 March 2020: coronavirus is forcing many people to work from home to reduce social contact and minimise the associated risk of transmitting the disease. Technology is key to helping people work at home, so what are some of the things to consider when setting up and managing home working for your staff over the coming weeks and months? 

Coronavirus guide: cyber hygiene and data

Tech Faculty March 2019

Criminals thrive in times of uncertainty and fear, and the UK’s National Cyber Security Centre (NCSC) has already reported an increase in cyber threats which refer directly to the coronavirus. This guide outlines the key steps to basic cyber hygiene and highlights some useful resources.

ICAEW Know-How: Personal data breaches

Business Law Department January 2020

The Data Protection Act 2018 (DPA 2018) came into force on 25 May 2018 to replace the Data Protection Act 1998. It sits alongside the General Data Protection Regulation (GDPR). This guide is part of a series that explain some of the new or more difficult concepts introduced by the DPA 2018 and the GDPR.

Cyber attack response plan

Tech Faculty March 2019

This guide provides an overview of a cyber attack response plan. Organisations of all sizes and types should download this plan today in readiness for when a cyber incident takes place. This will help reduce your business risk and improve business resiliency.

The essential guide to cyber recovery

Premium Content: This is exclusive item - please log in or subscribe to view this item.

Tech Faculty February 2019

How to recover in the event of a data breach. This guide draws on expert insights from our volunteers and members, with some very helpful case studies outlining real life examples – one of which is a ransomware example similar to the scenario above, and where the firm did have a backup.

How to audit the cloud

Premium Content: This is exclusive item - please log in or subscribe to view this item.

Audit and Assurance Faculty November 2018

Cloud computing is transforming business IT services, increasing its operational efficiencies and reducing its costs. But the use of cloud computing services also poses significant risks that need to be planned for by audit committees, boards and management if they are to be handled effectively.

The Cloud and Financial Services

Premium Content: This is exclusive item - please log in or subscribe to view this item.

Financial Services Faculty November 2018

Guidance on the use of cloud computing in Financial Services

Creating a password/pass phrase policy

Premium Content: This is exclusive item - please log in or subscribe to view this item.

Tech Faculty, Business Law Department August 2018

This example password/pass phrase policy could be used by an organisation to help protect client and employee data. It is jointly published by ICAEW's Business Law and Tech Faculty.

GDPR and pension funds

Business Law, Tech Faculty May 2018

This guide outlines the issues the General Data Protection Regulation (GDPR) raises for the trustees of pension funds, including their dealings with administrators and auditors. It is part of a series designed to answer the questions that members have been asking about the GDPR.

UK GDPR - Communicating safely with clients

Premium Content: This is exclusive item - please log in or subscribe to view this item.

Technical Advisory Services April 2018, reviewed February 2021

Helpsheet issued by ICAEW’s Technical Advisory Service to help ICAEW members to understand the requirements of the GDPR in relation to communicating safely with clients.

UK GDPR - Data mapping and documentation

Premium Content: This is exclusive item - please log in or subscribe to view this item.

Technical Advisory Services April 2018, reviewed February 2021

Helpsheet issued by ICAEW’s Technical Advisory Service to help ICAEW members to understand how data mapping and documentation can assist in meeting the requirements of the GDPR.

UK GDPR - Data breaches

Premium Content: This is exclusive item - please log in or subscribe to view this item.

Technical Advisory Services April 2018, reviewed February 2021

Technical helpsheet issued to help ICAEW members understand the requirements of the GDPR in relation to a data breach. Detailed guidance is available from the Information Commissioner’s Office (ICO).

GDPR - Client files

Premium Content: This is exclusive item - please log in or subscribe to view this item.

Technical Advisory Service April 2018, reviewed February 2021

Helpsheet issued by ICAEW’s Technical Advisory Service to help ICAEW members to understand the requirements of the GDPR as it relates to client files applied to common situations experienced by a member.

Managing risk

Professional Standards Department March 2018

Based on their experience reviewing over 2,000 firms each year, the QAD offers advice on best practice in terms of managing risk.

Tech essentials - 10 steps to cyber security for smaller firms

IT Faculty September 2017

While the fundamentals on how to protect yourself, your business and your clients remain essentially unchanged, the context in which we write about them continues to shift. Cyber criminals are always finding new means of attack and we all need to keep up to keep them out.

Internal audit in the age of data analytics

Audit and assurance Faculty June 2017

How internal auditors should strengthen their governance frameworks to cover emerging data-analytics risks in the areas of quality, talent, independence and security.

Cloud adoption – understanding the risk of cloud services

Premium Content: This is exclusive item - please log in or subscribe to view this item.

IT Faculty January 2017

This first part in the series on cloud adoption provides the process to follow when identifying and addressing the risks that arise from adopting a cloud-based strategy for a small business.

Cyber security and MTD

Premium Content: This is exclusive item - please log in or subscribe to view this item.

Tax Faculty Updated February 2017

With many more people starting to keep digital accounting records, and with more electronic interactions between HMRC and tax payers, this represents a new opportunity for cyber criminals to target tax payers and their agents. Experts from ICAEW Information Technology Faculty offer their top tips on how to keep cyber secure.

Glossary of IT Security terms

IT Faculty May 2016

Clear and concise explanations are given for the most common IT security expressions, phrases, acronyms and jargon.

Document retention

Premium Content: This is exclusive item - please log in or subscribe to view this item.

Technical Advisory Services October 2013, updated January 2021

This helpsheet highlights key considerations relating to document retention for accountants.