§ Mr. Arbuthnot To ask the hon. Member for Roxburgh and Berwickshire, representing the House of Commons Commission (1) whether the House of Commons Commission plans to comply with UK Security Standard BS7799, relating to computer security, by the end of 2003; [126584]
(2) what (a) technical and (b) procedural security counter-measures are in place to protect PDVN users' data and e-mails from unauthorised internal or external interception while users are working (i) on the Parliamentary Estate and (ii) remotely. [126586]
§ Sir Archy Kirkwood Security of Members' e-mails and data is important; measures are in place to ensure that users working remotely and on the Parliamentary Estate are protected. As a matter of policy, the Commission does not comment on the details of parliamentary security arrangements. However, I can say that there is a parliamentary IT security policy for information technology and systems and that work is in hand to ensure that this policy keeps pace with developments in current best practice. We have no plans at present to seek accreditation to BS7799, but the philosophy and best practice elements within the standard form an important part of our approach.
All users of the network are subject to conventional password controls, which, in turn, govern file rights and system permissions to prevent unauthorised access internally. For users on the Estate, the protection of corporate firewalls and anti-virus software prevents unauthorised external access. For remote users, the introduction of data encryption, personal firewalls and anti-virus software with the new Virtual Private Network (VPN) service hosted on known parliamentary-issued personal computers will minimise the risk of unauthorised access and interception. Members and their staff using equipment other than that provided or purchased centrally are responsible for their own arrangements.