Question to the Ministry of Defence:

To ask the Secretary of State for Defence, what proportion of civil servants at Defence Business Services have had information security training in the last 12 months.

There are three information security courses which are mandatory for civil servants in Defence (Protecting Personal Data, Information & Knowledge Awareness and Records Management Awareness). These courses replaced the Defence Information Management Passport (DIMP) which had a three-year expiry timeframe and retired fully in early 2023. Staff who are still covered by the DIMP do not need to complete the three new security courses until their DIMP expires.

Data shows that approximately 43% of the Defence Business Services workforce have completed all of the necessary security information courses, or are still covered by the DIMP. A Civilian Mandatory Learning Review is underway to tackle a range of issues, including compliance, to ensure a higher proportion of the workforce complete their mandatory learning in future.