Question to the Department for Science, Innovation & Technology:

To ask His Majesty's Government, further to the Written Answer by Baroness Jones of Whitchurch on 10 June (HL7655), whether the assurance review by an independent assessor was conducted by a contracted supplier.

The independent assurance review was conducted by an independent accredited third party according to the requirements of GovAssure. GOV.UK One Login was subject to GovAssure, the cyber security scheme run by the Cabinet Office’s Government Security Group (GSG), in Q4 2024.

The GovAssure scheme comprises of five stages which is available on the GOV.UK website. Stages 1 through 3 involve a mix of self-assessments and supported assessments by the Government Security Group against the National Cyber Security Centre (NCSC)’s Cyber Assessment Framework. Stage 4 involves a review by an accredited third party.