Recommendation 10

HM Government Not Addressed

2: PAC conclusion: There is no clear plan to replace or modernise legacy systems and data that are critical to service provision but are often old, unsupportable, vulnerable and a constraint on transformation. 2: PAC recommendation: At the start of 2022 the CDDO should work with departments to map legacy systems across government to document what is there, why it exists and how critical it is. By the end of 2022 the CDDO should use this to produce a pipeline of legacy systems they have prioritised with milestones for action. This pipeline should be shared with the Committee. 2.1 The government agrees with the Committee’s recommendation. Target implementation date: end of December 2022 2.2 At the 2021 Spending Review, CDDO worked closely with HM Treasury to provide spend teams with expert input and advice on the prioritisation of Digital, Data and Technology (DDaT) spending bids submitted by departments, considering the particular challenges and investment needs being faced by departments. As a result, the government has committed to invest £2.6 billion in cyber and legacy IT over the Spending Review 2021 period. Building on this, CDDO is now working with departments to establish a common methodology for identifying and prioritising legacy risk. CDDO aims to implement this across ministerial departments by the end of 2022. 2.3 CDDO will work with departments to agree remediation plans to address key risks and to reduce overall government exposure to legacy systems. Departments’ progress in delivering these plans will be monitored through regular Quarterly Business Reviews jointly chaired by CDDO and HM Treasury.