Question to the Department for Science, Innovation & Technology:

To ask His Majesty's Government, further to the Written Answer by Baroness Jones of Whitchurch on 16 May (HL7121), whether any independent assessments have been undertaken to verify the compliance of One Login with the 39 outcomes in the National Cyber Security Centre Cyber Assessment Framework, excluding self-assessments and reviews conducts by contracted suppliers; and whether they will place in the Library of the House the results of the most recent GovAssure review, including (1) the methodology used, and (2) the number of outcomes currently assessed as met.

GOV.UK One Login was subject to GovAssure, the cyber security scheme run by the Cabinet Office’s Government Security Group (GSG), in Q4 2024. As part of this, we successfully completed a review of our assurance measures against the National Cyber Security Centre’s (NCSCs) Cyber Assessment Framework. This work is ongoing, with continued collaboration with NCSC on future mitigations. This process has multiple phases, which includes an assurance review by an independent assessor.

Copies of the final assessment will not be disclosed or placed in the Library of the House, as they are part of ongoing security measures and internal governance processes.