Our IT suppliers are contractually obliged to maintain the Department's IT systems in accordance with government security standards, and the relevant provisions of the Data Protection Act. Assurance that these security standards are being met is obtained through compliance with the HMG standard for information systems risk management, known as HMG Infosec Standard 2.
The Ministry of Justice and its agencies undertake a formal programme of audits each year as well as carrying out other internal reviews as required. The scope of these audits is dependent on the reason for the audit taking place, or the specific terms of reference for the review. Past audit programmes undertaken by the former Department for Constitutional Affairs have contained a number of audits that have included coverage of systems and procedures incorporating aspects of personal data, including their storage and processing. Audit reports have been issued and action taken where necessary.