Skip to main content

Departmental Data Protection

Volume 491: debated on Monday 20 April 2009

To ask the Secretary of State for Work and Pensions what (a) organisational process and (b) staff resources his Department uses to provide assurance on IT system security. (268938)

The Department's Information Security Committee (a sub-committee of the Department's Executive Team) is responsible for information security issues across the Department. Operational responsibility for security is assigned to respective chief executives and heads of businesses within the Department. Other senior staff in the Department's agencies have specific responsibilities for promoting data and IT system security and report to their respective chief executives.

Following the publication of the Cabinet Office's Review of Data Handling Procedures in Government, specific senior civil servants across the Department have been designated as Information Asset Owners who provide assurance to the Department's Senior Information Risk Owner that data assets are properly protected.

The Department also deploys a range of internal and external professional security resources and suppliers to both deliver and assure its IT Infrastructure and systems.

The Department is compliant with the security policies contained in the Government Security Policy Framework including those for information security, assurance and the encryption of data. Its arrangements to ensure compliance with these measures comprise a system of self-assessment, accreditation, assurance reporting, audit and review.

The Department does not publish details of the resources used to provide assurance over IT system security, staff or otherwise, as this could potentially threaten the security of information.