Government and Regulatory Affairs

Introduction

Welcome to this webpage dedicated to the Government and Regulatory Affairs (GRA) portfolio of the ISACA London Chapter (ILC). The London GRA informs its Members of regulatory and legal developments related to IT, governance, audit, information/cyber security, and privacy, among the topics covered by ISACA certifications and certificates. The GRA Team provides a summary of such information as published in:

  • the GRA section of London Chapter Newsletters (1-2 issues per month),
  • submissions made by ISACA / ILC to public consultations.

Public consultations come with a wealth of background policy and research papers – hidden gems of knowledge that the GRA Team also draws attention to in ILC Newsletters. This means Members can see policy and law-making in real time while also having resources to draw upon as needed for work or study.

The GRA Team is interested in your comments and suggestions – please contact admin@isaca-london.org.

GRA features in ILC Newsletters

The following are selected features published in recent ILC Newsletters, with back issues in Repository of GRA features in ILC Newsletters 2021. More information on the items below, among other topics, can be found in the newsletters.

1- On 29 March 2023, the Government published a policy paper on AI, with a clear, pragmatic and proportionate approach to support its development. Building public trust and responding to risks are the driving forces behind the new approach.
AI was listed as one of the five critical technologies in the UK Science and Technology Framework of 6 March. Also, the Government set £900 million of funding for AI research and an exascale computer in the Spring Budget.
The consultation on this policy paper is open until 21 June 2023. Members are reminded of the opportunity to participate in ISACA’s submission to the consultation. Members can contact admin@isaca-london.org with their name, surname and ISACA ID to express their interest and possible areas of contribution.

2- On 20 April 2023, the Cabinet Office announced that more stringent cyber security measures would be applied in all government departments and a select number of arm’s length bodies for protection from growing cyber threats. The new cyber security programme, GovAssure, will be run to enhance cyber resilience and assist government institutions in defending themselves against hostile cyber threats. 

3- The National Cyber Security Centre (NCSC) updated the Cyber Essentials technical requirements as part of a regular review of the scheme’s technical controls. The 2023 update will have new requirements on:

  • User devices
  • Clarification on firmware
  • Third-party devices
  • Device unlocking
  • Malware protection
  • New guidance
  • Style and language
  • Structure updated
  • CE+ testing



Legislation for national chapter governance

ISACA chapters are created on the basis of regulations in their respective countries, for example, based on whether they are an association, society, private limited company, or other basis under Attorney General Office guidance. In the case of the London Chapter, it was created as an association and then, in November 2004, it was incorporated as a private company limited by guarantee (https://find-and-update.company-information.service.gov.uk/company/05291214/filing-history). This means it is a non-profit company, compared to a private limited company limited by shares, which is for profit.

In the UK, private limited companies have a status different from associations and charities: the London Chapter is bound by obligations to UK Companies House (https://www.gov.uk/government/organisations/companies-house), and its Chapter leaders, being UK directors under Companies House, comply with director responsibilities (https://companieshouse.blog.gov.uk/2019/02/21/7-duties-of-a-company-director) under the UK Companies Act 2006 (https://www.legislation.gov.uk/ukpga/2006/46/contents). Additionally, for almost all types of entities in the UK, there are data privacy regulations under the UK Data Protection Act 2018 and the UK General Data Protection Regulation (GDPR) derived from the European Union's GDPR – see the UK Information Commissioner's Office, the independent supervisory body regarding UK data protection legislation (https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr).

Public consultations: ISACA / ILC submissions

London Chapter members contributed to submissions by ISACA to the following public consultations from UK and international governmental entities. These align with ISACA Global's advocacy and government relations.

Policy paper on AI regulation by the Department for Science, Innovation and Technology

Consultation is open until 21 June 2023.

 

2021 Restoring trust in audit and corporate governance:
proposals on reforms by UK Business, Energy and Industrial Strategy (BEIS)

Consultation (outcomes awaited)

2019-2020 Review of local authority financial reporting and external audit (aka Redmond Review)

by UK Ministry of Housing, Communities & Local Government (renamed 2 Feb 2022 to Dept for Levelling Up, Housing and Communities)

Government Response Policy Paper

Independent report (consultation outcome)

(Annex 8 refers to ISACA submission)

Original Consultation

2017-19 Report on AI in the UK

by UK House of Lords Select Committee on Artificial Intelligence

Report and Government response

List of Witnesses and Evidence

ILC Written evidence (AIC0193) pp.734-745

2018 Cyber Lexicon

by Financial Stability Board

Publication of Lexicon

Public Responses