Question to the Department for Business and Trade:

To ask the Secretary of State for Business and Trade, with reference to the guidance by the Central Digital and Data Office entitled Guidance on the Legacy IT Risk Assessment Framework, published on 29 September 2023, how many red-rated IT systems are used by her Department; and how many red-rated IT systems have been identified since 4 December 2023.

The Central Digital and Data Office (CDDO), in the Cabinet Office, has established a programme to support departments managing legacy IT. CDDO has agreed a framework to identify ‘red-rated’ systems, indicating high levels of risk surrounding certain assets within the IT estate. Departments have committed to have remediation plans in place for these systems by next year (2025).

It is not appropriate to release sensitive information held about specific red-rated systems or more detailed plans for remediation within the Department for Business and Trade’s IT estate, as this information could indicate which systems are at risk, and may highlight potential security vulnerabilities.