Department for Transport: Cybersecurity
(asked on 1st September 2023) - View Source
Question to the Department for Transport:
To ask the Secretary of State for Transport, what steps his Department is taking to (a) enhance cybersecurity and (b) protect personal data.
(a)The Department for Transport is enhancing its cybersecurity in line with the vision for a resilient public sector outlined in the Government Cyber Security Strategy: 2022-2030. A core pillar of that strategy has been the implementation of GovAssure, and its alignment to the NCSC’s Cyber Assessment Framework. The departments completion of the GovAssure assessment and its independent validation will surface any areas for targeted improvement. This is in addition to an ongoing programme of security improvement activities such as implementation of the recent HMG Mobile Device Management policy.
(b)The steps the department is taking to protect personal data are outlined in the published Personal Information Charter.
These include:
Carrying out a Data Protection Impact Assessment where new technologies are introduced or there is a high risk to individuals’ rights and freedoms.
Carrying out regular reviews and audits to ensure that the processing of personal data meets the government’s security standards and industry good practice.
Only transferring personal data overseas where appropriate safeguards are in place to protect it.
Training DfT staff on the importance of protecting personal data and providing additional role-based training where needed.