Useful links
If you find a broken link, please help us and others by sending us an email to let us know which link is broken. We check links regularly, but many of the links on this page are to external web sites and we have no control over changes made to them.
PROFESSIONAL BODIES
British Computer Society
Institute of Risk Management
IIA Inc, parent body of IIA
International Professional Practice Framework
Standards and Guidance from the IIA
IIA Australia
What's going on down-under
The Information Commissioner's Office
Data protection and personal data matters
The Chartered Institute of Public Finance and Accountancy
The Information Systems Audit and Control Association (ISACA)
The Information Systems Security Association
A not-for-profit, international organisation of information security professionals and practitioners
Institute of Chartered Secretaries and Administrators
Global voice on governance and regulatory issues in the private, public and not-for-profit sectors
The Association for Project Management
GOVERNANCE AND RISK MANAGEMENT
UK Corporate Governance Codes
Governance Codes for all Countries
The A - Z of governance around the world
IT Governance Institute
Guidance on current and future issues pertaining to IT governance, control and assurance
OECD - Organisation for Economic Cooperation and Development
International Corporate Governance issues, including the OECD Guidelines on Corporate Governance of State-Owned Enterprises
The Committee of Sponsoring Organisations of the Treadway Commission (COSO)
Organisation dedicated to improving the quality of financial reporting through ethics, effective internal controls, and corporate governance
Institute of Risk Management – Risk Management Standard
This Risk Management Standard is the result of work by a team drawn from the major risk management organisations in the UK: The Institute of Risk Management (IRM), The Association of Insurance and Risk Managers (AIRMIC) and ALARM, The National Forum for Risk Management in the Public Sector
HM Treasury Governance and Risk
Governance, Fraud, Internal Audit and Risk
AUDIT AND REPORTING
Financial Reporting Council
Links to Accounting Practices Board, Auditing Practices Board and others
Audit Commission - Code of Audit Practice 2010 - Local Government
Also includes codes for 2005 and 2008
Audit Commission - Code of Audit Practice 2010 - Local NHS bodies
Also includes codes for 2005 and 2008
Review of Civil Procurement in Central Government
The Gershon Report
Review of Construction Procurement (including PFI)
Includes key recent policy documents and case studies
Serious Fraud Office
Dealing with fraud, bribery and corruption
LEGISLATION – UK & EUROPE
Browse UK Legislation
Rapidly find relevant UK legislation
Computer Misuse Act 1990
Computer abuse
Consumer Protection (Distance Selling) Regulations 2000
Convention for the Protection of Human Rights - Europe
Human Rights and the Council of Europe, read in conjunction with UK Human Rights Act
Copyright, Designs and Patents Act 1988
(Includes) Software protection
Data Protection Act 1998
Personal data and personal & sensitive data
Data Protection Act Audit Guide
Audit Guide from the Office of the Information Commissioner
Data Protection Act and Monitoring in the Workplace (pdf)
Electronic Communications Act 2000
Cryptography and the facilitation of electronic commerce through the use of digital signatures
Data Protection in the European Union
Freedom of Information Act 2000 (UK) and Freedom of Information Act 2002 (Scotland)
Human Rights Act 1998
UK Human Rights Act
Privacy and Electronic (EC Directive) Regulations 2003
Legislation that assists privacy in the field of telecommunications
Proceeds of Crime Act 2002
About the recovery or seizure of assets related to crime
Regulation of Investigatory Powers Act 2000
About lawful and unlawful electronic interception and the need to disclose data to law enforcement
Sustainable Energy Act 2003
The requirement to publish annual progress reports showing carbon reduction achievements
PRIVACY AT HOME
OFCOM
The independent regulator for UK communications
Mail Preference Service
Block unwanted mail
Telephone Preference Service
Block unwanted telephone calls
FAX Preference Service
Block unwanted fax calls
STANDARDS AND GUIDANCE
International Organization for Standardization (ISO)
Important ISO standards include ISO 9000 (Quality), ISO 14000 (Environment) and ISO 27000 (Information Security)
BSI Standards
IEEE Standards
Responsible for many IT Network standards
Internet Protocol Standards – RFCs
Detailed standards that cover internetworking
PROJECTS AND SERVICES
Automated Requirement Measurement (ARM) Tool
Software to determine whether a specification is clear and unambiguous
ITIL Self Assessment Spreadsheets
Best practice: IT Service Delivery / IT Service Support (Excel Spreadsheets)
Office of Government Commerce
ITIL, Prince2, Programme Management and more ...
Prince2 Templates – Documentation for Project Management (zip archive: MS Word Format)
Change management - tools and strategies that assist change
Project Management Glossary
A glossary of project management terms from the Association for Project Management
AUDIT RESOURCES
David Griffiths' website
With substantial Risk Based Internal Auditing resources and links
EuSpRIG
Spreadsheet errors? Try a group promoting research in spreadsheet risk
IT SECURITY RESOURCES
Phishing Scams
Site listing current examples of phishing scams
Federation against Software Theft
Compliance with the law on software piracy
US CERT
United States Computer Emergency Response Team
Computer Security Resource Centre (CSRC)
A National Institute of Science and Technology (NIST) website
Internet Storm Centre
Gathers more than 3,000,000 intrusion detection log entries every day, isolates sites that are used for attacks, and provides authoritative data on the types of attacks that are being mounted against computers in various industries and regions around the globe
Security Focus
Vulnerability reporting