To ask the Secretary of State for Communities and Local Government what auditing her Department undertakes to ensure that IT security policies are being followed; and on how many occasions (a) IT security policies have been breached by employees and (b) a member of staff has been sanctioned for a breach of such policies in the last 12 months.
Compliance arrangements are in place comprising a system of self assessment, accreditation, assurance reporting, audit and review. Additionally, any security incidents are notified to the IT security manager and departmental IT security officer; and a monthly report is compiled by the service provider, Steria Ltd. These reports show that IT security policies have been broken by CLG employees on three occasions in the past 12 months. In each case the breach was of a minor nature and staff were advised accordingly. Regular daytime security checks are also carried out, to identify unattended PCs that may not have been locked; where these are found guidance has been issued to staff.