Question to the Department for Science, Innovation & Technology:

To ask the Secretary of State for Science, Innovation and Technology, whether she plans to take steps to require all major broadband providers to operate with an internal audit function.

The Government keeps the financial health of the market under close review and Ofcom have powers to request financial information from providers. The Telecommunications (Security) Act 2021, and its associated Regulations and Code of Practice introduced a robust security framework requiring public telecoms providers to identify, reduce, and prepare for security and resilience risks.

We recently held a public consultation on proposed updates to the Telecommunications Security Code of Practice, which provides guidance on how public telecoms providers can meet their statutory requirements to secure their networks and services. These include requirements relating to reviews, governance and board responsibilities. Ofcom monitor and enforce these requirements.

In response to the consultation, the Chartered Institute of Internal Auditors raised the matter of independent assurance arrangements. We are now carefully reviewing all feedback to the consultation to ensure that any updates to the Code of Practice are appropriate and proportionate.