Skip to main content

Departmental Data Protection

Volume 488: debated on Monday 2 March 2009

To ask the Chancellor of the Exchequer what auditing his Department undertakes to ensure that IT security policies are being followed; and on how many occasions (a) IT security policies have been breached by employees and (b) a member of staff has been sanctioned for a breach of such policies in the last 12 months. (259714)

HM Treasury conduct periodic audits of IT systems and business processes, which include, where relevant, the degree to which IT security policies are being followed. In the last 12 months, there have been no identified cases of IT security policies has being broken by employees, and no employees have been sanctioned.

To ask the Chancellor of the Exchequer if he will place in the Library a copy of his Department’s IT security hierarchy. (259715)

A copy of HM Treasury’s IT security hierarchy will be placed in the Library of the House. Reference can be made to:

http://www.hm-treasury.gov.uk/d/hmt_orgchart.pdf

to see how the hierarchy fits into the overall HM Treasury organisational structure.

To ask the Chancellor of the Exchequer what scanning for vulnerabilities his Department conducts of each of its IT devices; what method is used for IT device scans; and how many vulnerabilities have been detected as a result of such scans in the last 12 months. (259716)

The Department has a number of measures in place to scan for, and report on, vulnerabilities, including the use of more than one anti-virus software product. It is departmental policy not to publish precise details of the measures used and their detection rates, as this could provide useful information for individuals who might seek to attack our IT systems.