I propose to take Questions Nos. 1747 and 1748 together.
My Department's ICT managed service is provided by the Minister for Public Expenditure and Reform through the Office of the Government Chief Information Officer (OGCIO).
The OGCIO implements a multi-layered approach to cyber security and to protecting ICT systems, infrastructures and services. The OGCIO builds resilience into its ICT solutions as a matter of course, and has disaster recovery plans and sites in a Government Data Centre. Disaster recovery forms part of the overarching Business Continuity framework for their clients including my Department.
The OGCIO also has specialist staff, with the appropriate skills and expertise, tasked with managing cyber security. The OGCIO implements a defence-in-depth security strategy which is achieved through the effective combination of People, Processes, and Technology to support the implementation of appropriate security measures and provisions, including monitoring and analysing logs.
Our external line-of-business systems are secured behind firewalls and utilise industry-standard security protocols with disaster recovery functionality backed up by a dedicated external ICT infrastructure team. Business continuity and disaster recovery are supported through backups of data performed on a daily, weekly and monthly basis, with live replication of systems to ensure backup systems can be utilised should a problem occur. Backups are also stored off-site on a regular basis.
Finally, my Department has a comprehensive risk management structure in place and works closely with our partners in the OGCIO and external providers to manage risks relating to the availability of IT systems and data.