You don’t need to work in the secure data destruction industry to know that councils and other bodies have been losing sensitive data. Here’s what is meant to be happening to local authority information security.
The National Information Assurance Strategy (NIAS) was published on 27th June 2007 to chart a way to expand e-government across departments. This was before the HMRC leak, which took place on 22nd November 2007.
In light of both of these, the Data Handling Procedures in Government Final Report Review – SPF70 Security Policy Framework – was produced by the Cabinet Office in November 2008.
Presently, local authorities must comply with the Information Assurance Maturity Model before they are given access to csgx (a big secure network essentially managed by the Department of Work and Pensions). In order to be connected, local authorities must comply with a COCO – Code of Connection.
There are five stages in local authority compliance with the Code of Connection. The first is a basic set of information assurance measures called the Minimum Mandatory Measures. Only two thirds of these met this first information security goal. More on this in the next post.