Cabinet Office Chief Information Officer

Main navigation

Information Security and Assurance: The National IA Strategy

If Government is to meet its aim of joining up services and providing easier access to personalised services for citizens and businesses it must hold a large amount of data.  This data must be held securely.

Information Assurance (IA) – confidence in the security, integrity and availability of information systems – cuts across all elements of the ICT Strategy and will be built into every public sector ICT system from design to implementation.

The Aim

To deliver over the next five years an environment where citizens, businesses and government can enjoy the full benefits of information systems with confidence.

Key Achievements

Since the Data Handling Review (June 2008) set out minimum requirements for data handling, there have been:

• Over 650 penetration tests of IT systems that carry personal data
• 100,000 devices encrypted across central government,
• Intensive training of over 450,000 public sector staff
• Creation of clear lines of responsibility and accountability for data security - 9000 Information Asset Owners made responsible for ensuring that personal information is handled securely.
• Set up a joint Government and Industry Board (ISAB) to improve data security within government supply chains. The Board first met in May 2009 and continues to meet on a quarterly basis.

We have ensured that Government suppliers are aware of their responsibilities in protecting personal data.  We have:

• Set up a joint Government and industry board to improve data security amongst government suppliers – first met in May 2009
• OGC has built data security clauses into new contracts and departments have reviewed existing contracts  with their suppliers to make them aware of data security commitments

The National IA Strategy (ICT Strategy) [PDF]

What are the benefits?

Keeping the public’s data secure by:

• A secure ICT infrastructure over which citizens and public servants can exchange data and innovate with confidence
• Ensuring that the culture of protecting information in government is sustained, deepened and consolidated

What governs our approach to the secure handling of data?

The current National Information Assurance Strategy (NIAS) sets the IA agenda across Government.  A refreshed version of the NIAS will be published in the coming year which will better reflect the current strategic situation regarding Digital Britain, Cyber Security and Smarter Government.

Useful Documents

• National Information Assurance Strategy
• Data Handling Review
• Security Policy Framework
• Cyber Security Review
• CESG
  ISA works very closely with the CESG, the National Technical Authority for Information Assurance in providing this secure vision for the UK ICT environment. 
• Protecting Information in Government Report

Contact
isa@cabinet-office.x.gsi.gov.uk