The Department’s head of legal group was appointed senior information risk owner as from 1 September 2008. Prior to that date, the Department’s chief information officer performed the role. Both are directors general, and are members of the Department’s Executive team.
All IT systems that have become operational since 1 July 2008 are formally accredited.
For systems that were operational before that date, there is no requirement under the Data Handling Review for formal accreditation. Nevertheless, all current systems are routinely assessed for compliance against the Department's Information Systems Security Standards, and are fully authorised for use. Any residual risks have been identified and are being managed.