Skip to Content
Press Enter

Cybersecurity Topical Requirement

Issued: February 5, 2025 | Effective: February 5, 2026

The Cybersecurity Topical Requirement provides a consistent, comprehensive approach to assessing the design and implementation of cybersecurity governance, risk management, and control processes. The requirements represent a minimum baseline for assessing cybersecurity in an organization. Download the companion user guide for assistance in applying the Topical Requirement.

Copyright Notice All content is protected by international copyright laws. You may reference or quote small portions of this document with proper attribution to The IIA, but unauthorized reproduction, distribution, or use beyond that, other than for your own personal use, is strictly prohibited and may constitute a violation of copyright law, resulting in civil and criminal penalties. Contact copyright@theiia.org for permission to use our materials.

About Topical Requirements

Topical Requirements

Topical Requirements, the newest component of the International Professional Practices Framework will ensure that all internal audit functions – large, small, private, or public – apply consistent audit methodology when assessing the effectiveness of governance, risk management, and controls of a particular topical area.

Public Comment Period

We need your input! The IIA is developing Topical Requirements as a new element of the International Professional Practices Framework (IPPF), which also includes the Global Internal Audit Standards™ and Global Guidance.

Learn about IIA programs and partners.

We are continually searching for innovative products and services to enhance our members' ability to meet their rising stakeholder demands.