Question to the Cabinet Office:

To ask the Minister for the Cabinet Office, which legacy IT systems across Government were identified as red-rated by the Central Digital and Data Office.

It would be inappropriate to release sensitive information held about specific red-rated systems within departmental IT estates, or information that could allow the assumption of which systems are at risk, as it could highlight potential security weaknesses.

The Central Digital and Data Office (CDDO), in the Cabinet Office, has established a programme to support departments in treating legacy. CDDO has agreed a framework to identify ‘red-rated’ systems, indicating high levels of risk surrounding assets. Departments have committed to have remediation plans in place for these systems by next year.