<p>The Government’s <a href="https://www.gov.uk/government/publications/security-policy-framework/hmg-security-policy-framework"
target="_blank">Security Policy Framework</a> has clear requirements on Information
Assurance which are mandatory for departments. They include a range of measures including
the <a href="https://www.gov.uk/government/publications/government-security-classifications"
target="_blank">Classification Policy</a> which set out expectations of how government
will protect the wide variety of information that it generates, collects, processes,
stores and exchanges appropriately and effectively. As the NAO report acknowledges,
the UK government is acknowledged as a world leader in this area.</p><p>However, we
are conscious that these policies and structures have grown organically over time
and need to keep pace with Government’s digital transformation plans. So the Cabinet
Office conducted its own review of Government security in early 2016 and many of the
findings are consistent with the NAO report. We are already starting to implement
the recommendations in the review.</p><p>For example, we are already well underway
in strengthening oversight of information security by bringing together nine separate
central teams into just two. We have also appointed the Government’s first ever Chief
Security Officer to bring together all disciplines of government security under central
leadership. As part of this work Cabinet Office is working with GCHQ and the Government
Digital Service to rationalise and clarify the guidance to departments on information
security and protecting data. The National Cyber Security Centre, which is due to stand
up in the autumn, will also play a lead role in advising departments on cyber security.</p><p>But
we can and will do more and we will respond fully to this report in due course.</p>