The information is not held in the form of a percentage as requested and could be provided only at disproportionate cost.
The Department's Senior Information Risk Owner (SIRO) wrote to the Department's major IT suppliers who handle personal data on the subject of data handling on 23 June 2008. All 12 have responded, assuring the SIRO of compliance with the measures in the Data Handling Procedures in Government report.
Those suppliers and all others involved in collecting, handling or storing the Department's information assets are required to provide assurance to the DfT SIRO and board on a quarterly basis, through the Department's Information Asset Owners, that they have implemented the appropriate measures.
For new contracts with contractors and suppliers, the Department is implementing the appropriate OGC guidance including new contract clauses.
The Department for Transport appointed a Senior Information Risk Owner (SIRO) in 2004 as part of the Government's approach to dealing with risks and threats to information systems, lead by the Central Sponsor for Information Assurance (CSIA). The appointment was a board member at director general level, grade SCSPB3.
The responsibilities of the SIRO were revised to take account of the mandatory minimum actions from the Data Handling Procedures in Government report, published in June 2008.
The percentage of IT systems in the central Department that are currently fully accredited to HMG standards is 67 per cent. The remainder are currently in the process of being brought into accreditation.
The percentage of IT systems in the Department's seven executive agencies and its shared service centre that are currently fully accredited to HMG standards is 71 per cent. A further 26 per cent. are in the process of being brought into accreditation. The remaining IT systems are under review for accreditation or to be decommissioned.
The accreditation of the Department's IT systems is a continuous process, as new systems are brought into service and existing systems are required to be periodically re-accredited, or in response to changes in services, technology or the security threats.