Valuation Office Agency: Publications Mr. Dunne To ask the Chancellor of the Exchequer if he will place in the Library a copy of the referencing guidance and manuals produced by the Valuation Office Agency for the inspection and valuation of (a) advertising rights and stations and (b) licensed property. Mr. Timms The manuals used by the Valuation Office Agency (VOA) are routinely updated to reflect changes and new information. They are published online at: http://www.voa.gov.uk/instructions/Index.htm The section of the VOA’s Rating Manual relevant to advertising rights and stations can be found at: http://www.voa.gov.uk/instructions/chapters/rating_manual/vol5/sect20/frame.htm Licensed property is covered in the following section of the VOA’s Rating Manual: http://www.voa.gov.uk/instructions/chapters/rating manual/vol5/sect825/frame.htm Mr. Dunne To ask the Chancellor of the Exchequer with reference to page 33 of the Valuation Office Agency’s Annual Report and Accounts 2008-09, HC 521, in which six process areas the Agency fell below minimum target standards in its information security high level assessment. Ian Pearson The six process areas are those related to the HMG information Assurance Maturity Model and Assessment Framework, specifically: Leadership and Governance Training, Education and awareness Information Risk Management Through-Life Information Assurance Measures Assured Information Sharing Compliance Mr. Dunne To ask the Chancellor of the Exchequer with reference to page 33 of the Valuation Office Agency’s (VOA) Annual Report and Accounts 2008-09, HC 521, if he will place in the Library a copy of Deloitte’s report on its high level assessment of the maturity and effectiveness of VOA information security, redacted for security reasons as necessary. Ian Pearson The Deloitte report assesses the Valuation Office Agency’s (VOA) security maturity and identifies the areas for improvement to enable full compliance with the Poynter review, with the HMG Security Policy Framework and Minimum Mandatory Measures and ISO 27001—the industry standard measure for information security compliance. The report has therefore been classified as restricted, and cannot be published. Redaction of material, which may aggravate security risks if published, would render the report meaningless.