Question to the Ministry of Defence:

To ask the Secretary of State for Defence, with reference to the guidance by the Central Digital and Data Office entitled Guidance on the Legacy IT Risk Assessment Framework, published on 29 September 2023, how many red-rated IT systems are used by their Department.

As of 21 November 2023, the Ministry of Defence (MOD) has 11 red-rated legacy IT systems as defined in the Central Digital and Data Office (CDDO) Legacy IT Risk Assessment Framework.

The MOD takes the issue of the resilience of our IT networks extremely seriously, and we are driving forward with a number of initiatives to improve it. Work that has been undertaken in line with the CDDO framework includes conducting of obsolescence risk assessments for our critical systems, and creating remediation plans at pace for any of those requiring immediate attention.