Asked by: Lord Agnew of Oulton (Conservative - Life peer)
Question to the Department for Science, Innovation & Technology:
To ask His Majesty's Government how many public contracts across all departments currently include the “security schedules” referenced in the Government Cyber Security Strategy: 2022–2030; and what steps they are taking to ensure full implementation of proportionate cyber requirements across all commercial agreements.
Answered by Baroness Jones of Whitchurch
It is long standing policy that Government does not disclose the specifics of its security arrangements, including with suppliers.
In recognition of the fact that not all government departments have the resources or expertise to include bespoke security requirements of every single commercial arrangement, GSG has developed and published Modular Security Schedules. These schedules provide departments with industry best practice security requirements to be included in commercial agreements. They have been tailored to meet a whole range of scenarios and risks.
These schedules are now publicly available on security.gov.uk and have been widely adopted by government departments. We are actively running training sessions for commercial teams to aid their implementation. Furthermore, they are now included in the standard, Model Services Contract, Mid-Tier Contract and Short Form Contract.
Asked by: Lord Agnew of Oulton (Conservative - Life peer)
Question to the HM Treasury:
To ask His Majesty's Government, with regard to their policy paper Spending Review 2025: Departmental Efficiency Plans, published on 11 June, which states that a zero-based review will help the Treasury "get smaller", whether they will publish the outputs of this review; and what proportion of administrative functions are expected to be outsourced, automated, or removed entirely by 2028–29.
Answered by Lord Livermore - Financial Secretary (HM Treasury)
As part of the Spending Review 2025, HM Treasury, alongside all government departments, undertook a zero-based review (ZBR) of its expenditure. This review was performed as per the requirements of the Spending Review. The outputs are intended for internal decision-making processes, not for publication. The Spending Review settlement for HMT means the department will need to get smaller, delivering a 10% reduction in its admin budgets by 2028-29. The detailed business planning process to achieve those reductions, including a review of administrative functions, over the Spending Review period is currently in progress. The outputs from the ZBR are being used to support this.
Asked by: Lord Agnew of Oulton (Conservative - Life peer)
Question to the HM Treasury:
To ask His Majesty's Government, with regard to page 40 of their policy paper Spending Review 2025: Departmental Efficiency Plans, published on 11 June, what were the total administrative costs of the Valuation Office Agency in 2024–25; and what is the breakdown between cash-releasing and non-cash-releasing efficiencies of the projected 5–10 per cent savings from integrating the Valuation Office Agency into HMRC by 2028–29.
Answered by Lord Livermore - Financial Secretary (HM Treasury)
The Valuation Office Agency’s total administrative costs in 2024-25 were approximately £27m.
The cash releasing and non-cash releasing breakdown (by 28/29) of efficiencies from integration with HMRC is yet to be determined as detailed plans are still being developed.
Asked by: Lord Agnew of Oulton (Conservative - Life peer)
Question to the Cabinet Office:
To ask His Majesty's Government, with reference to the Spending Review 2025, whether they will publish a full breakdown of how the £50 million Transformation Fund allocation for civil service learning and development will be spent, including any evaluation criteria, delivery partners, expected cost per learner, and projected savings against current spend.
Answered by Baroness Anderson of Stoke-on-Trent - Baroness in Waiting (HM Household) (Whip)
The Cabinet Office has secured £50 million from the Transformation Fund to increase workforce productivity, including supporting the implementation of a future skills model for government by May 2029 when the next iteration of the learning framework contracts will expire. We are now establishing the programme of work to make this phased transition, including undertaking full business cases where appropriate.
Asked by: Lord Agnew of Oulton (Conservative - Life peer)
Question to the Department for Work and Pensions:
To ask His Majesty's Government how many times since 2020 the Pension Protection Fund has had to replace an external fund manager for reasons of performance, governance failure, or credit downgrade and what the financial and administrative cost of each replacement was to the Fund.
Answered by Baroness Sherlock - Minister of State (Department for Work and Pensions)
The day-to-day fund management of Pension Protection Fund (PPF) assets is performed both by the Chief Investment Officer (with authority to delegate to an in-house team of investment professionals) and by reputable external professional fund managers (each of which is authorised and regulated by the Financial Conduct Authority or a similar local regulatory authority as required).
At any point in time, PPF will have approximately 70-80 external fund managers working on its behalf, across 140 different strategies within 15 separate asset classes.
Since 2020, PPF has changed 10 external managers on performance grounds. PPF has not replaced any managers on grounds of governance failure or credit downgrade.
The administration cost of changing a manager varies between strategies. However, PPF works to a budget of approximately £30,000 per change of manager.
Asked by: Lord Agnew of Oulton (Conservative - Life peer)
Question to the Department for Science, Innovation & Technology:
To ask His Majesty's Government what plans they have to require their suppliers to use secure container images, in a manner comparable to the United States 2024 executive order on securing the software supply chains of federal government suppliers.
Answered by Baroness Jones of Whitchurch
In February 2025 Cabinet Office published the updated National Procurement Policy Statement (NPPS). The statement requires all public sector contracting authorities in scope to mitigate supply chain and national security risks by ensuring appropriate controls are in place, such as the Cyber Essentials standard for cyber security. Contracting authorities should also follow government guidance on Tackling Security Risk in Government Supply Chains inclusive of software security risk.
In May 2025 DSIT published a voluntary Software Security Code of Practice. The Code of Practice has been developed to improve the security and resilience of software that organisations and businesses rely on. This is not mandatory for government suppliers but we strongly encourage public sector organisations to use the Code of Practice in their commercial engagements.
Asked by: Lord Agnew of Oulton (Conservative - Life peer)
Question to the Department for Work and Pensions:
To ask His Majesty's Government how much the Department for Work and Pensions has spent in each year since 2020 under the RM6141 and RM6302 language services frameworks; and whether the department has used or maintained any separate or competing frameworks, contracts or commercial routes for the procurement of language services during the same period, and, if so, how much has been spent through them.
Answered by Baroness Sherlock - Minister of State (Department for Work and Pensions)
The Framework reference RM6141 is the contract we currently have with DALanguages and the spend associated with this supplier is:
Jun 22 – May 23 £6,877,133
Jun 23 – May 24 £7,139,303
Jun 24 – May 25 £9,878,029
There are no costs from 2020, as the Framework reference for that period is different to what has been requested.
The framework RM 6302 does not begin until May 26.
DAL was selected as the supplier for DWPs interpreting requirements, in a fair and open competition. We have not used or maintained any separate or competing frameworks, contracts or commercial routes for the procurement of language services during the specified period.
Asked by: Lord Agnew of Oulton (Conservative - Life peer)
Question to the Department for Science, Innovation & Technology:
To ask His Majesty's Government whether any departments or government agencies monitor the use of insecure or vulnerable container images within government IT systems; and, if so, whether they will publish the latest audit data on the number of container images in use that contain critical or high-severity vulnerabilities.
Answered by Baroness Jones of Whitchurch
All government departments and their Arms Length Bodies must meet the Government Cyber Security Standard, which specifies that organisations shall meet or exceed the security outcomes specified in the National Cyber Security Centre’s Cyber Assessment Framework (CAF). Principle B4 of the CAF on system security requires departments to manage vulnerabilities on their systems.
His Majesty’s Government does not hold a central view of departmental or agency vulnerabilities.