Data Protection Act 2018: UK's implementation of GDPR requirements, governing how personal data must be handled, processed, and protected within systems
Computer Misuse Act 1990: Legislation covering unauthorized access to computer systems and cybercrime, essential for system security considerations
Health and Safety at Work Act 1974: Covers health and safety aspects of system usage, including ergonomics and system safety protocols
Network and Information Systems Regulations 2018: Legislation ensuring security of network and information systems, particularly for essential services and digital providers
ISO 27001: International standard for information security management, providing framework for system security controls
BS EN ISO/IEC 27005:2018: Standard specifically focused on information security risk management methodologies
Cyber Essentials: UK government-backed certification scheme that identifies basic security controls organizations should have in place
Financial Services and Markets Act 2000: Regulatory framework for financial services industry, including requirements for system security in financial institutions
PCI DSS: Payment Card Industry Data Security Standard - requirements for organizations handling credit card information
Companies Act 2006: Primary legislation governing company operations, including requirements for maintaining business records and systems
Electronic Communications Act 2000: Legislation governing electronic communications and digital signatures
Privacy and Electronic Communications Regulations: Specific regulations covering electronic communications, including requirements for electronic marketing and cookies
EU GDPR: European Union's General Data Protection Regulation, affecting any system handling EU residents' data
NCSC Guidelines: National Cyber Security Centre's recommendations and guidance for system security best practices
ICO Guidance: Information Commissioner's Office guidelines on data protection and information security requirements
