Organisations must comply with all applicable laws (including ICT laws). For example, a South African organisation must comply with RICA (the Regulation of Interception of Communications and Provision of Communication-related Information Act). COBIT, however, is an IT governance framework (published by ISACA), not a law, so there is no legal obligation to comply with it. Organisations should nonetheless consider adhering to applicable rules, codes and standards (including ICT rules, codes and standards).
What must you comply with and what do you just need to consider?
There is an important distinction to be made here, namely the distinction between:
- laws on the one hand, and
- rules, codes and standards on the other.
You must comply with applicable laws, whereas you only need to consider adhering to applicable rules, codes and standards. The law is compulsory; the others are not.
Interestingly, King is itself a code, which reinforces the point that the governance principles set out in King III are not compulsory: the “apply or explain” approach applies. (King IV, which succeeded King III in 2016, moved to “apply and explain”, but it remains a code rather than a law.) The IT governance chapter of King III includes the following statement: “the board should ensure that the company complies with IT laws and that IT related rules, codes and standards are considered.” King IV says that the governing body must oversee that laws are complied with. It is therefore clear that compliance is an important element of IT governance. You can buy a comprehensive list of ICT laws, rules, codes and standards from us.