§ Mr. Colvin
To ask the Secretary of State for Health what steps his Department has taken, and is taking to improve the security of its computer systems.
§ Mr. Freeman
For unclassifed but sensitive systems the Department of Health is expected to follow Central Computer and Telecommunications Agency guidance covering all aspects of IT security, and the application of this has been tightened recently. CCTA advice is kept under continuous review and is based on analysis of security risks and requirements using structured methods such as CCTA's risk analysis management methodology (CRAMM), which has also been made available commercially.
More stringent conditions apply to classified systems.