Skip to Content
Press Enter

Cybersecurity Topical Requirement

Issued: February 5, 2025 | Effective: February 5, 2026

The Cybersecurity Topical Requirement provides a consistent, comprehensive approach to assessing the design and implementation of cybersecurity governance, risk management, and control processes. The requirements represent a minimum baseline for assessing cybersecurity in an organization. Download the companion user guide for assistance in applying the Topical Requirement.

Watch archived webinar

Topical Requirement

Provides a consistent, comprehensive approach to assessing the design and implementation of cybersecurity governance, risk management, and control processes.

Select Language

User Guide

Helps internal audit functions implement the requirements of the Cybersecurity Topical Requirement.

Select Language

Report on the Development and Public Consultation Processes

Describes The IIA’s objectives and processes for setting the Cybersecurity Topical Requirement for the internal audit profession, intended to promote confidence related to the rigor, inclusivity, and oversight applied to the processes.

Download Cybersecurity Topical Requirement Report
Questions? Download Topical Requirements Application Guidance for practical advice on navigating mandatory requirements, addressing limitations, and identifying critical risk thresholds.

About Topical Requirements

Topical Requirements

Learn how IIA Topical Requirements for internal auditing enhance the consistency and quality of internal audit services.

Public Comment Period

We need your input! The IIA is developing Topical Requirements as a new element of the International Professional Practices Framework (IPPF), which also includes the Global Internal Audit Standards™ and Global Guidance.

Learn about IIA programs and partners.

We are continually searching for innovative products and services to enhance our members' ability to meet their rising stakeholder demands.