The Wales Office's IT services are provided by the Ministry of Justice, which has in place safeguards and auditing capabilities to ensure that IT policies are being followed by staff. No members of Wales Office staff have broken IT security rules in the last 12 months.
(2) what scanning for vulnerabilities his Department conducts of each of its IT devices; what method is used for IT device scans; and how many vulnerabilities have been detected as a result of such scans in the last 12 months;
(3) what IT security policy his Department has; what procedures are in place to ensure the policy is being followed; what his Department's policy is on encryption of data when they leave departmental premises; and what sanctions are in place for failure to comply with this policy.
The Wales Office is provided with its IT services by the Ministry of Justice, which is responsible for IT security. Safeguards and audit capabilities are in place to ensure their policies are followed.
When leaving departmental premises, all data are required to be encrypted, and the capability to copy data onto removable media such as CDs or memory sticks is significantly limited. Staff found not to be complying with this policy risk disciplinary action.