Question to the Ministry of Defence:

To ask the Secretary of State for Defence, with reference to the guidance by the Central Digital and Data Office entitled Guidance on the Legacy IT Risk Assessment Framework, published on 29 September 2023, how many red-rated IT systems are used by his Department; and how many red-rated IT systems have been identified since 4 December 2023.

It is not appropriate to release sensitive information held about specific red-rated systems or more detailed plans for remediation within the Ministry of Defence’s IT estate, as this information could indicate which systems are at risk, and may highlight potential security vulnerabilities.