§ Mr. AllanTo ask the Secretary of State for Defence what audit mechanisms are in place to determine whether information technology(a) hardware and (b) software products are being used properly in his Department. [150936]
§ Mr. CaplinThe Ministry of Defence has several hundred computer systems in use ranging from corporate IT systems serving thousands of users to business area systems serving smaller communities. This means that a detailed and specific answer to this question could be provided only at disproportionate cost. There are, however, some practices which are standard across the department and these are detailed as follows.
Information systems within the Department are controlled by Security and Operating Procedures (SyOps). Each System is only accredited for use once the procedures have been approved by the Departmental Security Officer. All users are required to observe the SyOps; enforcement is the responsibility of individual System Security Officer(SSO's)/Information Technology Security Officers (ITSO's).
Joint Service Publication (JSP) 440, covering these issues was revised last year. SyOps are revised as necessary as and when new threats to security arise. A recent example is the appearance of photo-messaging which has required that mobile phones be prohibited in some areas where formally they were permitted.