Organisations must comply with all applicable laws (including ICT laws). For example, you must comply with RICA. COBIT, however, is not a law and therefore you do not have to comply with it.
Organisations should consider adhering to rules, codes and standards (including ICT rules, codes and standards).
There is an important distinction that must be made here – that is the distinction between the laws on the one hand and rules, codes and standards on the other hand. You must comply with applicable laws whereas you only need to consider adhering to applicable rules, codes and standards. The law is compulsory, the others are not.
Interestingly, King III is itself a code, so this reinforces the fact that the governance principles set out in King III are not compulsory – the “apply or explain” approach applies.
The IT governance chapter of King III includes the following statement:
“The board should ensure that the company complies with IT laws and that IT related rules, codes and standards are considered.”
It is therefore clear that this is an important element of IT governance.
A comprehensive list of ICT laws, rules, codes and standards can be purchased from Online Legal.
Tags: ICT laws, King 3, legal compliance