Source · Select Committees · Public Accounts Committee
Recommendation 25
25
Acknowledged
Department maintains a prioritised cyber incident response and business continuity framework
Conclusion
The Department explained that it had a security incident response framework in place that, in the case of a cyber attack, would enable it to keep its services running as much as possible. It told us that its business continuity plan would put in place the most important steps first—getting money to people—with some of its advisory processes being of lower priority.38
Government Response Summary
The government agrees with the Committee’s recommendation and describes the department's plan to address the 36 most critical legacy systems, which account for around 65% of the caseload, within the coming Spending Review.
Government Response
Acknowledged
HM Government
Acknowledged
5.1 The government agrees with the Committee’s recommendation. Recommendation implemented 5.2 By 2030-31 the department’s legacy systems will become outdated. This could affect the department’s ability to deliver services efficiently and may lead to higher long-term operating costs. Recognising the significant risk, the department analysed 250 systems in scope and developed an accelerated plan to address the 36 most critical systems which account for around 65% of the caseload, within the coming Spending Review. 5.3 The plan has three main steps: • full transformation of some services, this is ongoing and includes migration from old systems; • agreed treatment plans, such as refactoring, for the remaining systems; and • Code fixes where required. 5.4 This was estimated to take the next five years, however with acceleration to resolve earlier, this will be delivered over the next three years. 5.5 Where systems are being transformed, customers will experience an improved level of service enabling them to take advantage of online features, such as being able to report a