ICAEW.com works better with JavaScript enabled.

Guidance on cyber security

Read our latest guidance on cyber security.

Displaying 1-34 of 34 results
Exclusive IFRS 15 Revenue from contracts with customers
  • 20 Jul 2023
  • PDF (562kb)
IFRS 15 Revenue from Contracts with Customers sets out the principles for when revenue should be recognised and how it should be measured, together with related disclosures. This factsheet answers some key frequently asked questions about the standard.
Cyber security: How to keep your organisation safe and secure online
  • 23 May 2023
This cyber security guide explains how to best protect yourself, your business and your clients from cyber risks and threats. You can also find additional information in our dedicated cyber security resource centre.
Exclusive Is your business cyber secure?
  • 24 Feb 2023
  • Marsh Commercial
A guide to protecting your accountancy business from cyber-attacks.
Planning for the 2022-23 reporting season
  • 08 Dec 2022
  • PDF (164kb)
This guide looks at what is different about the current reporting season and where to focus your efforts. The guide is aimed primarily at preparers of IFRS and FRS 102 accounts, although the relevance of points will also depend on the size and nature of the business.
Exclusive TECHNICAL ADVISORY SERVICES HELPSHEET Fraud Issues for members in practice
  • 05 Mar 2021
  • Technical Advisory Services
Technical helpsheet issued to help ICAEW practice members to navigate some of the issues that may arise if they find that they have been victims of fraud.
Exclusive COVID-19 risk briefing
  • 05 May 2020
  • PDF (133kb)
  • Professional Standards Department
Covid-19 is creating exceptional circumstances and while the country adjusts to life under lockdown, criminals are identifying ways to exploit the vulnerable at this time of uncertainty.
Coronavirus (COVID-19): tech considerations around home working
  • 26 Mar 2020
  • Tech Faculty
26 March 2020: coronavirus is forcing many people to work from home to reduce social contact and minimise the associated risk of transmitting the disease. Technology is key to helping people work at home, so what are some of the things to consider when setting up and managing home working for your staff over the coming weeks and months? 
GUIDE ICAEW KNOW-HOW Coronavirus guide: cyber hygiene and data
  • 25 Mar 2020
  • Tech Faculty
Criminals thrive in times of uncertainty and fear, and the UK’s National Cyber Security Centre (NCSC) has already reported an increase in cyber threats which refer directly to the coronavirus. This guide outlines the key steps to basic cyber hygiene and highlights some useful resources.
ICAEW KNOW-HOW GUIDE ICAEW Know-How: Personal data breaches
  • 01 Jan 2020
  • PDF (563kb)
  • Business Law Department
The Data Protection Act 2018 (DPA 2018) came into force on 25 May 2018 to replace the Data Protection Act 1998. It sits alongside the General Data Protection Regulation (GDPR). This guide is part of a series that explain some of the new or more difficult concepts introduced by the DPA 2018 and the GDPR.
Exclusive TECH ESSENTIALS The essential guide to data protection when outsourcing
  • 25 Nov 2019
  • PDF (318kb)
  • Tech Faculty
It is often said that data is the new oil – the raw material that drives industry in so many ways. Like all resources, data needs to be used wisely and protected. This guide looks at protecting data when using outsourced services.
Cyber attack response plan
  • 07 Mar 2019
  • Tech Faculty
This guide provides an overview of a cyber attack response plan. Organisations of all sizes and types should download this plan today in readiness for when a cyber incident takes place. This will help reduce your business risk and improve business resiliency.
Exclusive TECH ESSENTIALS The essential guide to cyber recovery
  • 06 Feb 2019
  • PDF (308kb)
  • Tech Faculty
How to recover in the event of a data breach. This guide draws on expert insights from our volunteers and members, with some very helpful case studies outlining real life examples – one of which is a ransomware example similar to the scenario above, and where the firm did have a backup.
Exclusive How to audit the cloud
  • 29 Nov 2018
  • PDF (387kb)
  • Audit and Assurance Faculty
Cloud computing is transforming business IT services, increasing its operational efficiencies and reducing its costs. But the use of cloud computing services also poses significant risks that need to be planned for by audit committees, boards and management if they are to be handled effectively.
Exclusive Creating a password/pass phrase policy
  • 14 Aug 2018
  • Tech Faculty, Business Law Department
This example password/pass phrase policy could be used by an organisation to help protect client and employee data. It is jointly published by ICAEW's Business Law and Tech Faculty.
What does the introduction of GDPR mean for accountants?
  • 11 May 2018
  • PDF (163kb)
These FAQs consider the impact of GDPR and how affects accountants, including what is now included in personal data, how to prove accountability, as well as when and how ‘consent’ can be used as a lawful basis for processing. It explains the new responsibilities of data processors under GDPR as well as the role and responsibilities of data controllers.
GDPR and pension funds
  • 11 May 2018
  • PDF (165kb)
  • Business Law, Tech Faculty
This guide outlines the issues the General Data Protection Regulation (GDPR) raises for the trustees of pension funds, including their dealings with administrators and auditors. It is part of a series designed to answer the questions that members have been asking about the GDPR.
GDPR - practical issues for insolvency practitioners and breach issues
  • 01 May 2018
  • PDF (251kb)
  • Professional Standards Department
FAQs for insolvency practitioners on the General Data Protection Regulations (GDPR).
Exclusive TECHNICAL ADVISORY SERVICES HELPSHEET UK GDPR - Communicating safely with clients
  • 25 Apr 2018
  • PDF (159kb)
  • Technical Advisory Services
Helpsheet issued by ICAEW’s Technical Advisory Service to help ICAEW members to understand the requirements of the GDPR in relation to communicating safely with clients.
Exclusive TECHNICAL ADVISORY SERVICES HELPSHEET UK GDPR - Data mapping and documentation
  • 25 Apr 2018
  • PDF (148kb)
  • Technical Advisory Services
Helpsheet issued by ICAEW’s Technical Advisory Service to help ICAEW members to understand how data mapping and documentation can assist in meeting the requirements of the GDPR.
Exclusive TECHNICAL ADVISORY SERVICES HELPSHEET UK GDPR - Data breaches
  • 25 Apr 2018
  • PDF (190kb)
  • Technical Advisory Services
Technical helpsheet issued to help ICAEW members understand the requirements of the GDPR in relation to a data breach. Detailed guidance is available from the Information Commissioner’s Office (ICO).
Managing risk
  • 21 Mar 2018
  • Professional Standards Department
Based on their experience reviewing over 2,000 firms each year, the QAD offers advice on best practice in terms of managing risk.
What to do about GDPR – a checklist
  • 28 Feb 2018
  • PDF (353kb)
Go through this checklist to make sure you're ready for the introduction of GDPR. The checklist includes: appointing someone senior to oversee the process, reviewing existing information and cyber security, mapping your data, reviewing contracts with clients, suppliers (anyone who processes your data) and employees, drafting data protection policies and procedures, and training staff.
What is the GDPR?
  • 03 Jan 2018
  • PDF (482kb)
These FAQs give accountants an overview of GDPR. It includes questions on how it differs from the current data protection approach, who will have to comply with it and whether Brexit will have an effect. It also explains key terms and concepts, including the accountability principle, the responsibilities of data processors, what a data protection officer is, and issues around data privacy.
TECH ESSENTIALS Tech essentials - 10 steps to cyber security for smaller firms
  • 22 Sep 2017
  • PDF (376kb)
  • IT Faculty
While the fundamentals on how to protect yourself, your business and your clients remain essentially unchanged, the context in which we write about them continues to shift. Cyber criminals are always finding new means of attack and we all need to keep up to keep them out.
Internal audit in the age of data analytics
  • 16 Jun 2017
  • Audit and assurance Faculty
How internal auditors should strengthen their governance frameworks to cover emerging data-analytics risks in the areas of quality, talent, independence and security.
Exclusive TECHNICAL ADVISORY SERVICES HELPSHEET Disclosure of confidential information to the police and other enforcement agencies
  • 01 Jun 2017
  • Ethics Advisory Service
Technical helpsheet issued to help ICAEW members consider confidentiality requirements in the context of disclosure of confidential information to the police and other enforcement agencies such as HMRC and the National Crime Agency.
Not just box ticking
  • 12 Apr 2017
  • PDF (54kb)
  • Alan Calder
  • Chartech
Examining what boards and senior managers must do to meet their obligations under GDPR.
Exclusive Cloud adoption – understanding the risk of cloud services
  • 31 Jan 2017
  • PDF (371kb)
  • IT Faculty
This first part in the series on cloud adoption provides the process to follow when identifying and addressing the risks that arise from adopting a cloud-based strategy for a small business.
Exclusive Financial Modelling, Issue 63
  • 06 Jul 2016
  • PDF (4,453kb)
This 2nd edition is a practical guide to financial modelling in a corporate finance transaction context. That rider is important. The guide is aimed at corporate financiers and modellers who need to prepare, use or review financial models for deals; it is not aimed at financial modellers who need to develop their understanding of corporate finance.
Glossary of IT Security terms Clear and concise explanations are given for the most common IT security expressions, phrases, acronyms and jargon.
Exclusive IP in M&A – legal considerations, Issue 62
  • 23 Feb 2015
  • PDF (547kb)
This guideline identifies key intellectual property (IP) rights and comments on how such rights should be considered in the context of M&A transaction and contractual protections. It also addresses IP transfer and integration.
5 things to think about when considering your IT options
  • 16 Jan 2015
  • Practice Department
Factors to consider when choosing IT infrastructure and systems for your practice.
Data protection and insolvency
  • 29 Jul 2014
The Data Protection Act 1998 (DPA) came into force on 1 March 2000. It sets rules for companies and organisations that deal with personal data. Personal data is information that identifies living individuals. The DPA applies to the processing of personal information and extends to some paper records as well as those held electronically. Its scope is very wide and it imposes a number of obligations. Some obligations are quite onerous on those involved in the processing of personal data. The information on this page is aimed at insolvency practitioners and does not go into detail about the basic...
Exclusive Document retention
  • 01 Oct 2013
  • Technical Advisory Services
This helpsheet highlights key considerations relating to document retention for accountants.
Displaying 1-34 of 34 results