Skip to main content

FCO Services

Question for Foreign and Commonwealth Office

UIN HL457, tabled on 15 June 2015

To ask Her Majesty’s Government what arrangements are in place for assessing whether information assurance and cyber security systems in FCO Services are adequate.

Answered on

24 June 2015

FCO Services follows the principles set out in the Government Security Policy Framework and the Senior Information Risk Officer (SIRO) Handbook. The FCO Services appointed SIRO is a Board member supported in their role by the Head of Corporate Knowledge and Security and the Chief Information Security Office. The SIRO provides an annual report to the Chief Executive Officer and FCO Services Audit and Risk Assurance Committee on the effectiveness of information risk management arrangements. All FCO Services Directors are made accountable and responsible as Information Asset Owners, and provide quarterly assurance to the SIRO on the security of and risk to all information assets in their area of responsibility. Each Information Asset Manager is supported by a network of Information Asset Owners, and a suite of Information Management policies. Risk management of information assets and cyber security is considered at the quarterly Security Committee chaired by the CEO.

The FCO Services Cyber Security Steering Group provides assurance that IT System security is effectively managed in accordance with Communications Electronics Security Group (CESG) good practice guidelines, CESG Information Security standards, and any relevant legal and regulatory requirements. Chaired by the SIRO, it identifies and mitigates cyber security risk.