I propose to take Questions Nos. 335, 336, 337 and 338 together.
My Department has a dedicated cyber security function to manage the security of the Department’s network and information assets. My Department takes a risk-based approach to cyber security, is regularly audited, and has achieved the ISO 27001:2013 International Standard for Information Security. This standards-based approach enables teams to proactively identify areas where security can be improved, and these security improvements are funded from my Department’s overall ICT budget.
In common with other Government Departments, my Department has in place comprehensive arrangements to support ICT security and receives regular advice on these matters from the relevant authorities including the Office of the Government Chief Information Officer and the National Cyber Security Centre. The Deputy will understand that it is not the practice, for sound operational and security reasons, to disclose the detail of these arrangements.
Furthermore, Staff working in the Department of Social Protection are provided with regular cyber security awareness communications and all staff are supported in completing the Introduction to Cyber Security Awareness training module run through the Department of Public Expenditure, NDP Delivery and Reform's OneLearning programme.