Skip to main content

Your browser is out of date, and unable to use many of the features of this website

Please upgrade your browser.


This website requires cookies. Your browser currently has cookies disabled.


How governing bodies should run and maintain their information technology (IT) systems including maintaining effective cyber security measures.


Early draft of the code of practice

This code is not in force yet. It is an early version for the new code of practice consultation.

To give us feedback on issues such as the design, usability and navigation of this code, email us at

You can also read more information about the consultation.

Maintenance of IT systems

The standards that governing bodies should meet when overseeing the maintenance of information technology systems.

Cyber controls

The controls that governing bodies should have in place to manage the risk of loss, disruption or damage from IT systems and processes failing.