Question to the Department for Science, Innovation & Technology:

To ask His Majesty's Government what independent verification they sought to assess the security of the One Login digital identification system.

The GOV.UK One Login works closely with the National Cyber Security Centre (NCSC) to identify and mitigate risks and align to the Cyber Assessment Framework (CAF) which the Government Cyber Security Strategy 2022-2030 outlines as the assurance framework that should be adopted by the government. Findings from the recent CAF GovAssure process identified areas of good practice including governance, risk management, assurance, monitoring, incident management and lessons learned. The programme has conducted multiple independent risk and threat assessments, such as regular IT Health Checks (ITHC), and these will continue to be part of the programme’s operating approach.

In addition GOV.UK One Login works closely with the Information Commissioners’ Office (ICO) on programme developments, including iterations of the Data Protection Impact Assessment (DPIA).