ICAEW.com works better with JavaScript enabled.

Guidance on cyber security

Read our latest guidance on cyber security.

Displaying 1-31 of 31 results
Managing software risk when adopting cloud software
  • 19 Feb 2025
The risks associated with adopting software – particularly software based in the cloud – are many and varied. Here, we consider some of the critical software risks that may be important for businesses to consider and mitigate.
Strategic considerations for software implementation
  • 19 Feb 2025
When looking to implement a new software solution - whether hosted in the cloud or otherwise - it is worth spending time to determine your strategic approach to software before rushing into exploring specific applications. Here, we outline some of those considerations.
Benefits and risks of cloud computing
  • 19 Feb 2025
Cloud computing offers a multitude of benefits that make it a valuable consideration for businesses, but it is not without risk. With the ability to store data, run applications or collaborate with others, cloud computing is a flexible and reliable option for many.
Contractual considerations for cloud implementation
  • 19 Feb 2025
Consider the contractual tie-ins and the potential costs associated with buying into cloud or subscription-based software.
Data considerations for cloud software
  • 19 Feb 2025
Data is of course at the heart of the vast majority of software applications. In some form or other, applications in the cloud will typically be storing data that relates to you or your customers/clients, and so understanding what this means for your organisation is critical.
Faculty news: June 2024
  • 06 Jun 2024
  • ICAEW
  • Corporate Financier
The latest from ICAEW’s centre of professional expertise in corporate finance, with a cyber specialist joining the faculty, dates for the diary including the faculty AGM, plus the Takeover Code consultation.
Faculty news: March 2024
  • 11 Mar 2024
  • ICAEW
  • Corporate Financier
The latest from ICAEW’s centre of professional expertise in corporate finance, including the launch of the faculty’s cyber security guide, a new member firm, a call for comment on two consultations, plus forthcoming events.
Exclusive IFRS 15 Revenue from contracts with customers
  • 20 Jul 2023
  • PDF (562kb)
IFRS 15 Revenue from Contracts with Customers sets out the principles for when revenue should be recognised and how it should be measured, together with related disclosures. This factsheet answers some key frequently asked questions about the standard.
Cyber security: How to keep your organisation safe and secure online
  • 23 May 2023
This cyber security guide explains how to best protect yourself, your business and your clients from cyber risks and threats. You can also find additional information in our dedicated cyber security resource centre.
Is your business cyber secure?
  • 24 Feb 2023
  • Marsh Commercial
A guide to protecting your accountancy business from cyber-attacks.
Exclusive TECHNICAL ADVISORY SERVICES HELPSHEET Fraud Issues for members in practice
  • 05 Mar 2021
  • Technical Advisory Services
Technical helpsheet issued to help ICAEW practice members to navigate some of the issues that may arise if they find that they have been victims of fraud.
Exclusive TECHNICAL ADVISORY SERVICES HELPSHEET Fraud Issues for members in business
  • 05 Mar 2021
  • Technical Advisory Services
Technical helpsheet issued to help ICAEW business members to navigate some of the issues that may arise if they discover fraud within their organisation.
GUIDE ICAEW KNOW HOW Coronavirus guide: cyber hygiene and data
  • 25 Mar 2020
  • Tech Faculty
Criminals thrive in times of uncertainty and fear, and the UK’s National Cyber Security Centre (NCSC) has already reported an increase in cyber threats which refer directly to the coronavirus. This guide outlines the key steps to basic cyber hygiene and highlights some useful resources.
ICAEW KNOW HOW GUIDE ICAEW Know-How: Personal data breaches
  • 01 Jan 2020
  • PDF (563kb)
  • Business Law Department
The Data Protection Act 2018 (DPA 2018) came into force on 25 May 2018 to replace the Data Protection Act 1998. It sits alongside the General Data Protection Regulation (GDPR). This guide is part of a series that explain some of the new or more difficult concepts introduced by the DPA 2018 and the GDPR.
Cyber attack response plan
  • 07 Mar 2019
  • Tech Faculty
This guide provides an overview of a cyber attack response plan. Organisations of all sizes and types should download this plan today in readiness for when a cyber incident takes place. This will help reduce your business risk and improve business resiliency.
Exclusive TECH ESSENTIALS The essential guide to cyber recovery
  • 06 Feb 2019
  • PDF (308kb)
  • Tech Faculty
How to recover in the event of a data breach. This guide draws on expert insights from our volunteers and members, with some very helpful case studies outlining real life examples – one of which is a ransomware example similar to the scenario above, and where the firm did have a backup.
Exclusive How to audit the cloud
  • 29 Nov 2018
  • PDF (387kb)
  • Audit and Assurance Faculty
Cloud computing is transforming business IT services, increasing its operational efficiencies and reducing its costs. But the use of cloud computing services also poses significant risks that need to be planned for by audit committees, boards and management if they are to be handled effectively.
GDPR and pension funds
  • 11 May 2018
  • PDF (165kb)
  • Business Law, Tech Faculty
This guide outlines the issues the General Data Protection Regulation (GDPR) raises for the trustees of pension funds, including their dealings with administrators and auditors. It is part of a series designed to answer the questions that members have been asking about the GDPR.
GDPR - practical issues for insolvency practitioners and breach issues
  • 01 May 2018
  • PDF (251kb)
  • Professional Standards Department
FAQs for insolvency practitioners on the General Data Protection Regulations (GDPR).
Exclusive TECHNICAL ADVISORY SERVICES HELPSHEET UK GDPR - Communicating safely with clients
  • 25 Apr 2018
  • PDF (159kb)
  • Technical Advisory Services
Helpsheet issued by ICAEW’s Technical Advisory Service to help ICAEW members to understand the requirements of the GDPR in relation to communicating safely with clients.
Exclusive TECHNICAL ADVISORY SERVICES HELPSHEET UK GDPR - Data mapping and documentation
  • 25 Apr 2018
  • PDF (148kb)
  • Technical Advisory Services
Helpsheet issued by ICAEW’s Technical Advisory Service to help ICAEW members to understand how data mapping and documentation can assist in meeting the requirements of the GDPR.
Managing risk
  • 21 Mar 2018
  • Professional Standards Department
Based on their experience reviewing over 2,000 firms each year, the QAD offers advice on best practice in terms of managing risk.
TECH ESSENTIALS Tech essentials - 10 steps to cyber security for smaller firms
  • 22 Sep 2017
  • PDF (376kb)
  • IT Faculty
While the fundamentals on how to protect yourself, your business and your clients remain essentially unchanged, the context in which we write about them continues to shift. Cyber criminals are always finding new means of attack and we all need to keep up to keep them out.
Internal audit in the age of data analytics
  • 16 Jun 2017
  • Audit and assurance Faculty
How internal auditors should strengthen their governance frameworks to cover emerging data-analytics risks in the areas of quality, talent, independence and security.
Exclusive TECHNICAL ADVISORY SERVICES HELPSHEET Disclosure of confidential information to the police and other enforcement agencies
  • 01 Jun 2017
  • Ethics Advisory Service
Technical helpsheet issued to help ICAEW members consider confidentiality requirements in the context of disclosure of confidential information to the police and other enforcement agencies such as HMRC and the National Crime Agency.
Exclusive Cloud adoption – understanding the risk of cloud services
  • 31 Jan 2017
  • PDF (371kb)
  • IT Faculty
This first part in the series on cloud adoption provides the process to follow when identifying and addressing the risks that arise from adopting a cloud-based strategy for a small business.
Exclusive Financial Modelling, Issue 63
  • 06 Jul 2016
  • PDF (4,453kb)
This 2nd edition is a practical guide to financial modelling in a corporate finance transaction context. That rider is important. The guide is aimed at corporate financiers and modellers who need to prepare, use or review financial models for deals; it is not aimed at financial modellers who need to develop their understanding of corporate finance.
Glossary of IT Security terms
  • 23 May 2016
  • IT Faculty
Clear and concise explanations are given for the most common IT security expressions, phrases, acronyms and jargon.
Exclusive IP in M&A – legal considerations, Issue 62
  • 23 Feb 2015
  • PDF (547kb)
This guideline identifies key intellectual property (IP) rights and comments on how such rights should be considered in the context of M&A transaction and contractual protections. It also addresses IP transfer and integration.
5 things to think about when considering your IT options
  • 16 Jan 2015
  • Practice Department
Factors to consider when choosing IT infrastructure and systems for your practice.
Data protection and insolvency
  • 29 Jul 2014
The Data Protection Act 1998 (DPA) came into force on 1 March 2000. It sets rules for companies and organisations that deal with personal data. Personal data is information that identifies living individuals. The DPA applies to the processing of personal information and extends to some paper records as well as those held electronically. Its scope is very wide and it imposes a number of obligations. Some obligations are quite onerous on those involved in the processing of personal data. The information on this page is aimed at insolvency practitioners and does not go into detail about the basic...
Displaying 1-31 of 31 results