Source · Select Committees · Public Accounts Committee
Recommendation 24
24
Acknowledged
Department demonstrates existing robust cyber security assurance and oversight mechanisms
Conclusion
The Department told us that it had its own assurance programme based on the world-class National Institute of Standards and Technology assurance programme, and that it also used the GovAssure process which is the government standard for the most critical systems. The Accounting Officer explained that security as whole was overseen on his behalf by the Department’s Finance Director General and by the departmental audit and risk committee. The Department said that it had dedicated staff who were expert in what they did, and this was a larger group of people than it had historically been. It also noted that it was building capability for the whole of government and was the home of the security academy.37 33 Q 40 34 Q 29 35 Committee of Public Accounts, Government cyber resilience, Twenty-Fourth Report of Session 2024–25, HC 643, 9 May 2025, pp 3-4 36 Q 57 37 Q 57 14
Government Response Summary
The Department told us that it had its own assurance programme based on the world-class National Institute of Standards and Technology assurance programme, and that it also used the GovAssure process which is the government standard for the most critical systems.
Government Response
Acknowledged
HM Government
Acknowledged
The Department told us that it had its own assurance programme based on the world-class National Institute of Standards and Technology assurance programme, and that it also used the GovAssure process which is the government standard for the most critical systems. The Accounting Officer explained that security as whole was overseen on his behalf by the Department’s Finance Director General and by the departmental audit and risk committee. The Department said that it had dedicated staff who were e