WATSON HALL

Web application development legislation                    Watson Hall Ltd
                                                           London 020 7183 3710
security best practice, standards and compliance           Edinburgh 0131 510 2001

The use of web applications can bring businesses within the scope of
legislation that would not have applied to their conventional, non-internet
commerce. This check list identifies some of the common legislation which
organisations may need to consider. The check list is not necessarily
complete: legislation changes all the time, every business has its own
constraints and compliance issues, and there may be local (non-UK)
legislation which also needs to be taken into consideration.

              Terms of use
              This check list is provided free of charge and without any warranty. Use
              of this check list is subject to the terms of use displayed on our website

              Each check list should be amended and added to for the particular project
              requirements and environment.

The latest links to details of information security related legislation,
codes of practice, organisations, initiatives and standards can be found on
the Watson Hall website at and in
a chart format at

              Check list summary

               Attribute           Text


               Web application

               Completed by


C2-2009-1.1                                                                                                        1
Check list                                                                             Web application development legislation

             Data protection, fraud and investigation
              Item                                                          Required   Completed

              Civil Evidence Act 1995

              Communications Act 2003

              The Companies Act 2006

              The Computer Misuse Act 1990

              The Data Protection Act 1998

              Freedom of Information Act 2000

              Police and Justice Act 2006

              The Privacy and Electronic Communications (EC Directive)
              Regulations 2003

              The Regulation of Investigatory Powers Act 2000

              The Telecommunications (Lawful Business Practice)
              (Interception of Communications) Regulations 2000

              The Terrorism Act 2006

             Payments and e-commerce
              Item                                                          Required   Completed

              The Consumer Protection (Distance Selling) Regulations 2000

              Consumer Credit Act 2006

              Electronic Commerce (EC Directive) Regulations 2002

              The Money Laundering Regulations 2003

              Taxes Acts (various)


             Other key legislation for generic website development

              Item                                                             Required   Completed

              Companies Acts (various)

                         Companies Act 2006

                         Companies (Audit, Investigations and Community
                         Enterprise) Act 2004

              Copyright and Intellectual property (various)

              Disability Discrimination Act 2005

              Employment Acts (various)

              Health and Safety Acts and Statutory Instruments (various)

                         Health and Safety at Work etc Act 1974

                         Offices, Shops and Railway Premises Act 1963 (c 41)

              The Human Rights Act 1998

             Other sector-specific legislation
             Sector-specific regulations should be added here for each project. Some
             initial examples are provided below.

              Item                                                             Required   Completed

              Capital Requirements Directive (Basel II)

              Investment Services Directive (ISD)

              Markets in Financial Instruments Directive (MiFID)

              Sarbanes-Oxley Act

              Transparency Directive


             Why Watson Hall?
             Watson Hall provides independent web application security analyst
             services to businesses.

             To discuss any security matters in confidence and without obligation,
             telephone us on 020 7183 3710 or use the enquiry form on our website at

             Watson Hall Ltd is a limited company registered in England no 6004969 at
             North Bastle, Gatehouse, Northumberland, NE48 1NG, United Kingdom.
