To ask the Secretary of State for the Home Department what auditing his Department undertakes to ensure that IT security policies are being followed; and on how many occasions (a) IT security policies have been breached by employees and (b) a member of staff has been sanctioned for a breach of such policies in the last 12 months. (259805)

Information is a key asset to Government and its correct handling is vital to the delivery of public services and to the integrity of HMG. The Security Policy Framework, the Data Handling Report and the National Information Assurance Strategy produced by the Cabinet Office provide a strategic framework for protecting information that Government handle and put in place a set of mandatory measures which Departments must adhere to.

Depending upon the circumstances, a range of sanctions are available including disciplinary or administrative action, and in extreme or persistent cases, termination of employment/services and, if appropriate, criminal proceedings.

Compliance arrangements comprise a system of self-assessment, accreditation, assurance reporting, audit and review.

To ask the Secretary of State for the Home Department what IT security policy his Department has; what procedures are in place to ensure the policy is being followed; what his Department's policy is on encryption of data when they leave departmental premises; and what sanctions are in place for failure to comply with this policy. (259853)

Information is a key asset to Government and its correct handling is vital to the delivery of public services and to the integrity of HMG. The Security Policy Framework, the Data Handling Report and the National Information Assurance Strategy produced by the Cabinet Office provide a strategic framework for protecting information that Government handle and put in place a set of mandatory measures which Departments must adhere to.

The Home Office is compliant with the security policies contained in the Government Security Policy Framework including those for information security and assurance.

Depending upon the circumstances, a range of sanctions is available including disciplinary or administrative action, and in extreme or persistent cases, termination of employment/services and, if appropriate, criminal proceedings.