Question to the Ministry of Defence:

To ask the Secretary of State for Defence, whether his Department holds a central list of the IT and digital assets of its arm's-length bodies.

We do not hold a central list of the IT and digital assets of the Ministry of Defence's arm's-length bodies. Under the delegated model, Senior Information Risk Owners, or an equivalent post, are appointed in each of the arm's-length bodies; they are expected to hold this information for their organisations in accordance with good practice. They report centrally on their organisation's key information systems as required.

Defence Assurance and Information Security (DAIS) also maintains the Defence Assurance Risk Tool (DART), an automated central registration point for MOD IT systems (including applications and services) that require accreditation. Users, including the arm's-length bodies, are required to comply with initiating, inputting to and tracking their various Information Assurance-related requirements on the DART to ensure that they are properly managed.