§ Mr. ColvinTo ask the Secretary of State for Trade and Industry what steps his Department has taken, and is taking, to improve the security of its computer systems.
§ Mr. Douglas HoggMy Department follows CCTA advice on analysis of security risks and requirements using structured methods such as CCTA's risk analysis and management and methodology (CRAMM) which has also been made commercially available. A departmental IT security steering group was established in 1988 to assess requirements and determine policy. For unclassified but sensitive systems a review was carried out recently and the results are now being implemented. More stringent conditions apply to classified systems.