The Cyber Security Topical Requirement is part of the International Professional Practices Framework developed by The Institute of Internal Auditors (IIA). It is currently a draft, which is being revised following the 90 day feedback and consultation which ended on the 3rd July 2024.
Topical Requirements are an essential component of the International Professional Practices Framework, which also includes the Global Internal Audit Standards and Global Guidance. Compliance with the new Global Internal Audit Standard and Cyber Security Topical Requirements will become effective from 9th January 2025, but early adoption is recommended.
Elucidate Consulting can evaluate and test your conformance against the requirements, which will soon be a mandatory for all organisations operating in accordance with the three areas of:
Governance;
Risk Management; and
Controls.
With Cyber Security a major threat to many organisations, and the requirements being mandatory when evaluating Cyber Security, should you consider:
A review of your organisations preparedness to meet the requirements, with an action plan to address compliance gaps?
A review of conformance as part of your future ICT Risk Treatments plan future actions?
Elucidate Consulting recognise there are barriers to meet the requirements including resources constraints, complexity of systems (especially where 3rd party access is required), vendor management and balancing security and useability.
Comments