ICAS cyber security framework

Staying compliant with the Data Protection Act 1998 is becoming increasingly important for accountancy firms. Although many firms continue with the "it won't happen to me", it has already happened to some firms. For example, a Wales-based firm went out of business because of the reputational impact of a data security breach. Protecting your firm and your clients should therefore be taken very seriously.

Cyberspace - Guides and Workbooks

The following two Guides and Workbooks can be downloaded free.

Cyber Caddie Lite PDF [742 KB]

Cyber Caddie – Information Security Management PDF [648 KB]


All businesses trading in the UK which handle personal data are required to comply with the Data Protection Act 1998.  Try the quick checklist below to assess how well your business complies.

Data Protection Act Checklist PDF [120 KB]

The Act requires such businesses to have conducted a risk assessment and have in place an information security policy.  As well as the legal obligation, it is important for client confidentiality that you adopt sound security principles in respect of how you handle personal data and other confidential information.  To assist firms with this, ICAS launched the CSF back in 2010 and has been continually developing and improving the product for firms.  Since then, the Information Commissioner has been very busy and his office has now issued numerous monetary penalty notices (he is able to fine up to £500,000).

In light of this, ICAS has significantly updated and enhanced the CSF for our firms, tailoring the content to meet a risk matrix of various sizes of firm.  New content includes 23 policy templates and 26 asset work sheets as well as a complete guide to implementing a CSF management system. Full details of the Framework can be accessed here:

ISF Information Leaflet PDF [366 KB]

ISF Toolkits for Practitioners - contents and pricing PDF [276 KB]

ISF Toolkits for Members in Business - contents and pricing PDF [264 KB]

Online assessments

Online assessments for each of the 4 categories are now available from ICAS / Practice Support at practicesupport@icas.com. An assessment will generate a tailored report for your firm highlighting the strengths and weaknesses of your information security and offering recommendations for improvement. In Category B, C and D firms we recommend that more than one person completes the assessment to balance the issue of what should happen with what does happen in practice.


  • Practitioner offers and services
  • Technology

Previous page