Skip to main content

Departmental Data Protection

Volume 486: debated on Tuesday 13 January 2009

To ask the Secretary of State for Transport what percentage of contractors and suppliers to (a) his Department and (b) its agencies has reported compliance with the Government's security standards following publication of the report, Data Handling Procedures in Government, and the accompanying document, Cross-departmental Actions: Mandatory Minimum Action, on 25 June 2008. (245329)

The information is not held in the form of a percentage as requested and could be provided only at disproportionate cost.

The Department's Senior Information Risk Owner (SIRO) wrote to the Department's major IT suppliers who handle personal data on the subject of data handling on 23 June 2008. All 12 have responded, assuring the SIRO of compliance with the measures in the Data Handling Procedures in Government report.

Those suppliers and all others involved in collecting, handling or storing the Department's information assets are required to provide assurance to the DfT SIRO and board on a quarterly basis, through the Department's Information Asset Owners, that they have implemented the appropriate measures.

For new contracts with contractors and suppliers, the Department is implementing the appropriate OGC guidance including new contract clauses.

To ask the Secretary of State for Transport when his Department appointed a senior information risk owner in accordance with the report, Data Handling Procedures in Government and the accompanying document Cross-departmental Actions: Mandatory Minimum Action; and what grade the person holds within the Department. (245370)

The Department for Transport appointed a Senior Information Risk Owner (SIRO) in 2004 as part of the Government's approach to dealing with risks and threats to information systems, lead by the Central Sponsor for Information Assurance (CSIA). The appointment was a board member at director general level, grade SCSPB3.

The responsibilities of the SIRO were revised to take account of the mandatory minimum actions from the Data Handling Procedures in Government report, published in June 2008.

To ask the Secretary of State for Transport what percentage of the IT systems in (a) his Department and (b) its agencies are fully accredited to the Government's security standards. (245392)

The percentage of IT systems in the central Department that are currently fully accredited to HMG standards is 67 per cent. The remainder are currently in the process of being brought into accreditation.

The percentage of IT systems in the Department's seven executive agencies and its shared service centre that are currently fully accredited to HMG standards is 71 per cent. A further 26 per cent. are in the process of being brought into accreditation. The remaining IT systems are under review for accreditation or to be decommissioned.

The accreditation of the Department's IT systems is a continuous process, as new systems are brought into service and existing systems are required to be periodically re-accredited, or in response to changes in services, technology or the security threats.