§ Mr. ColvinTo ask the Secretary of State for Education and Science what steps his Department has and is taking to improve the security of its computer systems.
§ Mrs. RumboldFor unclassified but sensitive systems, Departments are expected to follow CCTA guidance covering all aspects of IT security and the application of666W this guidance has been tightened recently. CCTA advice is kept under continuous review and is based on analysis of security risks and requirements using structured methods such as CCTA's risk analysis and management methodology (CRAMM) which has also been made commercially available. More stringent conditions apply to classified systems.