Question to the Department for Science, Innovation & Technology:

To ask His Majesty's Government, further to the Written Answer by Baroness Jones of Whitchurch on 14 May (HL7013), whether the Cabinet Office Audit and Risk Committee was formally notified of the letter from the National Cyber Security Centre that warned of shortcomings and risks in the One Login system in September 2023; and if so, on what date they notified that committee; and whether they will place a copy of that letter in the Library of the House.

Representatives for GOV.UK One Login, attended two meetings into programme risks with the Cabinet Office Audit and Risk Committee (COARC), once in June 2023 and then again in April 2024. On both occasions cyber security risks that took into account NCSC advice were presented. GDS also raised cyber security as its top risk to the Cabinet Office in its quarterly risk reporting, a process which is now replaced by DSIT risk reporting.

A copy of the letter will not be placed in the Library of the House, as it forms part of ongoing security measures and internal governance processes.