The Ministry of Defence and its Agencies have several hundred computer systems in use ranging from corporate IT systems serving thousands of users across the Department and its Agencies, to business area systems serving smaller communities. The following data cover those systems within the MOD and its Agencies where accreditation is centrally controlled by Defence Security and Standards Assurance (DSSA), which are either connected to the MOD networks, or are stand alone above Secret, or are systems that contain significant value to the MOD e.g. those systems that contain particularly sensitive or personal data. It does not include those systems where authority for accreditation has been delegated e.g. stand alone systems with no onward connectivity, and where a further breakdown of information could be provided only at disproportionate cost.
58 per cent. of systems have been through the accreditation process. Of these, 27 per cent. of systems are classed as fully accredited and are being operated in a manner within the MOD's Senior Information Risk Owner (SIRO)'s risk appetite; 31 per cent. of systems are currently classed as having conditional or interim accreditation with constraints placed on the operation of the system to ensure that identified risks are adequately managed within SIRO's risk appetite.
The balance of systems (42 per cent.) are in the process of being accredited; this represents the significant workload undertaken to plan and develop solutions for new equipment systems or platforms; this also includes applications from legacy systems, many of which will be migrated onto the developing Defence Information Infrastructure.