UK GDPR and Data Protection Act 2018: Primary data protection legislation in the UK that governs how personal data must be handled, processed, and protected during IT audits
PECR (Privacy and Electronic Communications Regulations): Specific rules for electronic communications, cookies, and digital marketing that may be relevant to IT systems being audited
ISO 27001: International standard for information security management systems, providing framework for IT security audits
NIS Regulations 2018: Network and Information Systems Regulations governing cybersecurity standards for essential services and digital service providers
Public Contracts Regulations 2015: Regulations governing procurement processes in the public sector, relevant if the RFP is for a public entity
Supply of Goods and Services Act 1982: Fundamental legislation governing service contracts in England and Wales, including IT audit services
ISACA Standards: Professional standards for IT auditing and governance, providing framework for audit methodology and reporting
IIA Standards: Institute of Internal Auditors' standards providing guidelines for internal audit practices and procedures
Employment Rights Act 1996: Legislation governing employment relationships that may be relevant when auditing HR-related IT systems
Electronic Communications Act 2000: Legislation governing electronic signatures and communications, relevant for digital documentation in audits
COBIT Framework: Control framework for IT governance and management, often used as baseline for IT audits
ISO/IEC 38500: International standard for corporate governance of information technology, providing principles for effective IT governance
PCI DSS: Payment Card Industry Data Security Standard, mandatory if the audit scope includes payment card processing systems
Cyber Essentials: UK government-backed certification scheme that sets out basic cybersecurity standards
Copyright, Designs and Patents Act 1988: Legislation protecting intellectual property rights in IT systems and software being audited
