Useful links

keep your knowledge up to date
Home » Resources » Useful links

On this page you will find all sorts of links to relevant organisations and materials to help advance your knowledge and keep you up to date.


British Computer Society: The UK based Chartered Institute that promotes and champions the IT profession.

Institute of Risk Management: The Leading UK body for Risk Management.

IIA Inc: The Global organisation representing Institutes of Internal Auditing worldwide and the International Professional Practice Framework leading to Standards and Guidance from IIA Global.

IIA Australia: What’s going on in Internal Auditing down-under.

The Information Commissioner’s Office: Data protection and personal data matters –  the UK’s independent authority set up to uphold information rights in the public interest.

The Chartered Institute of Public Finance and Accountancy: Public Services Sector Financial Management in the UK.

The Information Systems Audit and Control Association (ISACA): Independent not-for-profit organisation, home of CISA, CISM, CGEIT, and CRISC qualifications.

The Information Systems Security Association: A not-for-profit, international organisation of information security professionals and practitioners.

Institute of Chartered Secretaries and Administrators: Global voice on governance and compliance issues in the private, public and not-for-profit sectors.

The Association for Project Management: The voice of Project Management with 21,000+ members making it the largest project professionals body in Europe.

The Association for Certified Fraud Examiners: The global organisation representing anti-fraud professionals.


Convention for the Protection of Human Rights – Europe: Human Rights and the Council of Europe, read in conjunction with UK Human Rights Act.

Data Protection in the European Union: New proposals in the making.

UK Legislation:  Search UK legislation within the National Archives.

Computer Misuse Act 1990Computer abuse, instrusion and unauthorised access to computer data and systems.

Consumer Protection (Distance Selling) Regulations 2000: On line ordering and purchases made from home.

Copyright, Designs and Patents Act 1988:  (Includes) Software protection.

Data Protection Act 1998
Personal data and personal & sensitive data

Data Protection Act Audit Guide: A Guide to Data Protection Audits performed by staff of the of the Information Commissioner’s Office.

Employment Codes of Practice including Monitoring in the Workplace (downloadable pdf) – Bring your own device (BYOD) (downloadable pdf).

Electronic Communications Act 2000: Cryptography and the facilitation of electronic commerce through the use of digital signatures.

Freedom of Information Act 2000 (UK) and Freedom of Information Act 2002 (Scotland).

Human Rights Act 1998:  UK Human Rights Act.

Privacy and Electronic (EC Directive) Regulations 2003:  Legislation that assists privacy in the field of telecommunications.

Proceeds of Crime Act 2002
About recovery of or seizure of assets related to crime

Regulations of Investigatory Powers Act 2000
About lawful and unlawful electronic interception and the need to disclose data to law enforcement

Sustainable Energy Act 2003:  The requirement to publish annual progress reports showing carbon reduction achievements.


ITIL Self Assessment: A free high level assessment of ITIL from AXELOS.

Links to key Project and Programme Management Disciplines: This link will take you to a web-page of links that will link, in turn, to AXELOS (joint venture between the UK Government and Capita) the ‘new’ owner of the Best Management Practices originally owned by the Offfice of Goverment Commerce, and then onwards to the Best Practices Tools and Learning.

Project Management Glossary: An excellent A-Z  glossary of project management terms from the Association for Project Management.


UK Corporate Governance Codes: Governance codes, standards and reports via the ICAEW.

Governance Codes for all Countries: The A – Z of governance around the world from the European Corporate Governance Institute.

IT Governance Institute: Guidance on current and future issues pertaining to IT governance, control and assurance.

OECD – Organisation for Economic Cooperation and Development: International Corporate Governance issues>

The Committee of Sponsoring Organisations of the Treadway Commission (COSO): Organisation dedicated to improving the quality of financial reporting through ethics, effective internal controls, and corporate governance.

Institute of Risk Management – Risk Management Standard: This Risk Management Standard is the result of work by The Institute of Risk Management (IRM),The Association of Insurance and Risk Managers (AIRMIC) and ALARM The National Forum for Risk Management in the Public Sector – it is simple and easy to apply.

FERMA – the Federation of European Risk Management Associations: The Federation of European Risk Management Associations (FERMA) exists to lead and enhance the effective practice of risk management, risk financing and insurance.

ISO – Standards – ISO 31000: This link takes you to the International Standard for Risk Management and related standards.

HM Treasury Governance and Risk: Governance, Fraud, Internal Audit and Risk – this link takes you to archieved materials in the UK  Government’s National Archives.


International Organization for Standardization (ISO): Important ISO standards include: ISO 9000 (Quality); ISO 14000 (Environment); ISO 27000 (Information Security); ISO 38500 (IT Corporate Governance) and ISO 31000 (Risk Management).

BSI – the British Standards Institute: The UK body that helps formulate Business Standards.

IEEE Standards: Responsible for many IT Network standards.

Internet Protocol Standards – RFCs:  Detailed standards that cover internetworking.


David Griffiths’ website: With substantial Risk Based Internal Auditing resources and links.

EuSpRIG: The global group that specialises in processes and methods to inventory, test, correct, document, backup, archive, compare and control the legions of spreadsheets that support critical corporate infrastructure.

Phishing Scams: Site listing current examples of phishing scams.

Federation against Software Theft: The group that promotes compliance with the law on software copyright and the prevention of software piracy.

US CERT: United States Computer Emergency Response Team providing up to date news and advice about computer software vulnerabilities.

Computer Security Resource Centre (CSRC): A Division of the National Institute of Science and Technology – a useful resource for current news on cybersecurity, security standards and security debate.