Most MoD's systems do not meet data security standards

Almost three out of four Ministry of Defence IT systems do not meet Cabinet Office standards, a Whitehall review has found.

Only 27 percent of MoD IT systems reviewed so far meet the new data-security standards, established by the government, a compliance review has revealed.

The systems that fail to meet Government standards for data security, include those holding military secrets and sensitive personal data.

Tougher data handling sanctions were handed down last year, following a government review into the HMRC data loss debacle in 2007, which involved the loss of 25 million child benefit records. Under the security measures, any disc, USB stick or laptop containing sensitive information has to be encrypted if it is to be taken out of Whitehall.

In response to parliamentary questions from shadow minister Shailesh Vara, the MoD said it has only assessed 58 percent of the "several hundred computer systems in use", which range from corporate IT systems serving thousands of users across the department and other agencies, to business area systems serving smaller communities.

"Of these, 27 percent of systems are classed as fully accredited and are being operated in a manner within the MOD's Senior Information Risk Owner (SIRO)'s risk appetite," said Defence Minister Bob Ainsworth.

Another 31 percent of systems are classed as having "conditional" or "interim accreditation" with constraints placed on the operation of the system. The balance of systems (42 percent) are in the process of being accredited, said Ainsworth, in written answers.

"This represents the significant workload undertaken to plan and develop solutions for new equipment systems or platforms. This also includes applications from legacy systems, many of which will be migrated onto the developing Defence Information Infrastructure," he said.

In July, the MoD admitted that its staff had lost 658 laptops and 121 portable USB memory sticks since 2004. Some of the USB sticks contained military information classed as "Secret" .

Also last summer, the Information Commissioner Richard Thomas served an enforcement notice on the Ministry of Defence for losing a laptop containing the details of up to 600,000 recruits.

No responsibility can be taken for the content of external Internet sites.

print this article

Return to hosting news headlines
View Hosting News Archive

Share with: