§ Mr. BattleTo ask the Chancellor of the Duchy of Lancaster if he will make a statement on future responsibility for advising Government Departments on information technology security.
Mr. Robert G. HughesTwo UK authorities advise Departments and agencies on information technology security. The Security Service, as part of its general protective security role, is responsible for non-technical aspects of IT security policy and standards, primarily in the physical and personnel security areas. Responsibility for the technical aspects of IT security policy and standards, which focus on IT hardware, software and communications, rests with the communications-electronics security group of the Government communications headquarters.
The CCTA—the Government centre for information systems—also provides security advice and guidance, which is based on the security policy and standards set by the two UK IT authorities. The CCTA integrates such security policy into its wider responsibility for the production of policy and best practice for information systems and IT.