§ Mr. CohenTo ask the Secretary of State for Social Security whether he has incorporated the code of practice for information security management, published by the British Standards Institution, into relevant contracts with information technology suppliers.
§ Mr. HagueThe security requirements for IT systems and services used by central Government departments are
200W
§ Mr. ScottThe information requested in relation to national insurance basic retirement pension, national insurance unemployment benefit and family allowance/ child benefit is in the table. Invalidity benefit and one-parent benefit were introduced in 1971 and 1980 respectively and information about growth in expenditure on these is in table 9a of "The Growth of Social Security." Meaningful comparisons of the growth rates since 1949 in national assistance/supplementary benefit/income support, housing benefit and rate rebates/community charge benefit are not possible because of changes in the structure of provision in the benefit system.
stated in the Government IT security policy document. This document is supported by use of the CCTA risk analysis and management method (CRAMM) and baseline security for IT systems (BSITS) risk analysis methods and by supporting advice and guidance published by the Government IT security authorities. These are regularly reviewed to ensure best practice and have been developed specifically for use within Government and have been in operation for some time. The Department of Social Security's IT security standards have been devised in accordance with the above, and the need for compliance with them is being referenced in relevant contracts.
The code of practice for information security management was developed by and established for use by commercial organisations and does not specifically address the requirements for the protection of official information.
§ Mr. CohenTo ask the Secretary of State for Social Security if he will make a statement about the operation of his Department's sensitive documents unit; how many staff are employed in its operation; and approximately how many documents per annum come within its purview.
201W
§ Mr. HagueThe Department of Social Security does not operate a sensitive documents unit. However, all documents raised within the Department are public records under the terms of the Public Records Acts 1958 and 1967, and have varying degrees of sensitivity. The Department has a departmental records officer, who is responsible for systems for the control of all documents from the time of their creation to final disposal. In the course of the Department's business, millions of records come within the departmental records officer's purview each year.