Replies (4)
There already is one...
Mike Whittaker wrote:
"Far be it from me to suggest more quangos, but I can't help thinking that if there was an independent body such as the NCC setting and auditing IT security & procedures in various government sectors, things would not have become so bad."
What about the CESG?
"CESG aims to protect and promote the vital interests of the UK by providing advice and assistance on the security of communications and electronic data. We deliver information assurance policy, services and advice that government and other customers need to protect vital information services. We work on a cost recovery basis for all customer-specific solutions and services, though IA policy and Guidance documentation is usually free of charge to the UK official community."
CESG is the Information Assurance (IA) arm of GCHQ and we are based in Cheltenham, Gloucestershire, UK. We are the UK Government's National Technical Authority for IA, responsible for enabling secure and trusted knowledge sharing to help our customers achieve their business aims.
There are five key principles, essential for safe electronic transactions: etc etc
Their website URL is http://www.cesg.gov.uk/index.shtml
Once upon a time, there was the NCC ...
There once was a government body called the National Computing Centre (NCC), one of whose remits was creation of standards for UK computing systems and technologies.
Far be it from me to suggest more quangos, but I can't help thinking that if there was an independent body such as the NCC setting and auditing IT security & procedures in various government sectors, things would not have become so bad.
More Fundamental Change Needed
The key problem is addressed by the Poynter report as follows:
"As products have been added to HMRC’s portfolio over time, little integration between them has taken place. The products effectively operate as discrete businesses, each with its own set of processes and supporting systems, but are also served by cross-cutting functions such as customer contact and debt management.
"Thus PAYE, National Insurance, Child Benefit and Tax Credits (to name but a few) each have their own supporting systems, each of which contains a separate customer record – meaning that the same individual customer can have four separate customer records.
"Maintaining these separate records is both inefficient and increases information security risk because of the constant need to bring this information together (e.g. for compliance purposes and for management information purposes). Putting better controls around the existing set of processes and supporting systems will improve information security, but to reduce information security risk to acceptable levels will require more fundamental change."
This is the real problem: multiple systems duplicating data unnecessarily and requiring taxpayers to contact a multiplicity of HMRC offices.
no evidence
Is there a common theme in all these investigations that being,
"there is no evidence of misconduct or criminality"
Surely someone ought to change the words around before copying the previous report, or look a bit harder.