The information requested is as follows:
(a) All suppliers to The Treasury that are required to handle relevant data have been contacted and made aware of the Government's security standards. All have been assessed as having policies and procedures that are compliant with those standards.
(b) The UK DMO have identified all the suppliers involved in data handling procedures. All of these suppliers (100 per cent.) have been assessed as appropriate to comply with the Government's security standards.
The Treasury has one supplier that stores personal data abroad. The contractor provides travel agency services under a pan-Government framework owned by OGCbuying.solutions and the data are stored in the USA under a safe harbour agreement.
The Debt Management Office holds one contract that it manages on behalf of the Treasury, which allows the storage of personal data of UK citizens overseas. This contract is for the Gilt Registration Service and states that personal data must be kept within the European Economic Area (EEA). Currently all these data are stored within the UK.
HM Treasury's senior information risk owner is a range G (equivalent to Grade 3) and has held the responsibility since December 2007.