Home / Sources / Select Committees / Recommendation 7
Index live · Last sync 22 May 2026
← Rec 6
Rec 1 →
Source · Select Committees · Public Accounts Committee

Recommendation 7

7 Accepted

Report on departmental traction for CDDO's missions and provide annual progress updates thereafter.

Recommendation
We welcome CDDO’s efforts to establish strong cross-government co-operation and collaboration to identifying and addressing legacy IT issues. Since our December 2021 report on the Challenges in implementing digital change, CDDO has worked with all departments to establish a common methodology across departments for prioritising legacy risk. It has developed a framework to identify vulnerable legacy systems and tested it with six departments including Defra. Covering 105 digital systems across the six departments, this has highlighted those which need immediate work. CDDO intends to use the framework with the remaining departments by the end of 2023. CDDO has worked closely with departments in the development of its Roadmap to identify problem areas that need to be tackled and has introduced a set of commitments that all departments have signed up to and agreed to fund from within their own budget. CDDO is also working with departments to determine how significant the financial benefits from addressing legacy can be, and it expects this will support departments’ bids for funding to HM Treasury. 8 Tackling Defra’s ageing digital services Recommendation 7: As part of the Treasury Minute response, CDDO should set out whether it is getting the traction needed from departments to achieve its missions, and report annually thereafter on its progress and any difficulties in working with departments. Tackling Defra’s ageing digital services 9 1 Defra’s progress in addressing legacy IT issues
Government Response Summary
CDDO agrees and states it has implemented the recommendation by rolling out a legacy risk framework to 16 organisations, identifying 153 legacy IT assets. It is working successfully with over 21 departments to ensure all 'red-rated' legacy systems have agreed remediation plans in place.
Government Response Accepted
HM Government Accepted
The government agrees with the Committee’s recommendation Recommendation implemented On 19 January 2023, CDDO updated the Committee Hearing on its progress which included establishing the legacy risk framework and rolling it out across 6 departments, assessing 105 systems. On 22 May 2023, CDDO provided a further update that it has continued rollout to 16 organisations, with 153 legacy IT assets listed in the register. Furthermore, it has kept abreast of legacy remediation programmes and has seen a number of remediation programmes reach key milestones. The 2025 Roadmap, Transforming for a Digital Future, requires support and intervention from business leaders in departments to successfully deliver. CDDO is working closely with departments on all commitments, including that all ‘red-rated’ legacy systems will have agreed remediation plans in place. To date CDDO has worked successfully with more than 21 departments on this endeavour.

Source

View on Parliament website ↗

Addressee Bodies

HM Treasury

Timeline

Recommendation age 3.0 yrs
Report published 10 May 2023