Asked by: Pat McFadden (Labour - Wolverhampton South East)
Question to the Department for Work and Pensions:
To ask the Secretary of State for Work and Pensions, with reference to the policy paper entitled Transforming for a digital future: 2022 to 2025 roadmap for digital and data, updated on 29 February 2024, when his Department first assessed each of the red-rated legacy IT systems in his Department to be red-rated.
Answered by Paul Maynard - Parliamentary Under-Secretary (Department for Work and Pensions)
DWP has mature, industry standard mechanisms for assessing the risk of its core IT systems which has been implemented and running for decades. The first time DWP reported figures to the cross-government initiative led by CDDO was November 2022.
Asked by: Pat McFadden (Labour - Wolverhampton South East)
Question to the Cabinet Office:
To ask the Minister for the Cabinet Office, with reference to the policy paper entitled Transforming for a digital future: 2022 to 2025 roadmap for digital and data, updated on 29 February 2024, what steps his Department has taken to mitigate the risks of red-rated legacy IT systems.
Answered by Alex Burghart - Parliamentary Secretary (Cabinet Office)
The Central Digital and Data Office (CDDO), in the Cabinet Office, has established a programme to support departments managing legacy IT. CDDO has agreed a framework to identify ‘red-rated’ systems, indicating high levels of risk surrounding certain assets within the IT estate. Departments have committed to have remediation plans in place for these systems by next year (2025).
It is not appropriate to release sensitive information held about specific red-rated systems, more detailed plans for remediation within departmental IT estates, or information that could indicate which systems are at risk as it may highlight potential security vulnerabilities.
Asked by: Pat McFadden (Labour - Wolverhampton South East)
Question to the Department for Work and Pensions:
To ask the Secretary of State for Work and Pensions, with reference to the policy paper entitled Transforming for a digital future: 2022 to 2025 roadmap for digital and data, updated on 29 February 2024, what steps his Department has taken to mitigate the risks of red-rated legacy IT systems.
Answered by Paul Maynard - Parliamentary Under-Secretary (Department for Work and Pensions)
DWP has funded and resourced a dedicated Legacy Technical Debt Working Group within DWP. This group managed the population and ongoing accuracy of Legacy IT System Risk Score Cards. The information recorded includes plans for mitigating key risks which are assessed ahead of each fiscal planning round to bid for funds to implement mitigating measures.