Departmental Data Protection

Anne Main
To ask the Chancellor of the Exchequer what auditing his Department undertakes to ensure that IT security policies are being followed; and on how many occasions (a) IT security policies have been breached by employees and (b) a member of staff has been sanctioned for a breach of such policies in the last 12 months.

Angela Eagle
HM Treasury conduct periodic audits of IT systems and business processes, which include, where relevant, the degree to which IT security policies are being followed. In the last 12 months, there have been no identified cases of IT security policies has being broken by employees, and no employees have been sanctioned.

Anne Main
To ask the Chancellor of the Exchequer if he will place in the Library a copy of his Department’s IT security hierarchy.

Angela Eagle
A copy of HM Treasury’s IT security hierarchy will be placed in the Library of the House. Reference can be made to:

http://www.hm-treasury.gov.uk/d/hmt_orgchart.pdf

to see how the hierarchy fits into the overall HM Treasury organisational structure.

Anne Main
To ask the Chancellor of the Exchequer what scanning for vulnerabilities his Department conducts of each of its IT devices; what method is used for IT device scans; and how many vulnerabilities have been detected as a result of such scans in the last 12 months.

Angela Eagle
The Department has a number of measures in place to scan for, and report on, vulnerabilities, including the use of more than one anti-virus software product. It is departmental policy not to publish precise details of the measures used and their detection rates, as this could provide useful information for individuals who might seek to attack our IT systems.