Select Committee on Administration Written Evidence


Memorandum from Colin Lobo, UK Enterprise Risk Services, Deloitte & Touche LLP (October 2006)

  1.  Following my attendance at the PITCOM committee session yesterday afternoon, we were invited to submit suggestions to you in relation to the review that is being undertaken of the IT service provision.

    (i)    It seems fairly evident that there is no defined requirement in terms of the users (both in Westminster and further afield). To reach the desired point, it is essential that a requirements capture is undertaken. This will then ultimately lead into a service portfolio that PICT can then provide and support.

    (ii)    There will need to be a clearly defined scope as to what PICT will support. Changes to such devices should not be permitted and anyone outside of PICT should not have the ability to make changes to the devices.

    (iii)    With the facilities available today, it should be easy and feasible to "lock-down" the operating system configuration to only allow specific changes to be made. This will result in improved security, less likelihood of change (and subsequent support calls) and easier management of the devices by PICT.

    (iv)    The data that is being processed will need to be assessed to determine its protective marking. This will influence the best method to store, manage and transmit the data from all potential locations. This will also help to drive out the resiliency/backup requirements.

    (v)    Consideration must be given to external devices that can be connected into a PC/laptop and the implications that this could have to the device itself and potentially to the whole network.

    (vi)    Unauthorised devices, if connected to the network, should fail when attempting to access any services or devices.

    (vii)    Options should be available for various forms of remote access. This will need to cater for dial-up, broadband and wireless using shared infrastructure. It should also cater for mobile devices and for access to certain functions (such as email) from public devices. The systems must cater for the protective marking of the devices.

    (viii)    This will all need to be supported with appropriate user awareness material so that they are aware of the implications that these changes will have and the benefit that they will derive from it.

  2.  This is a very brief summary of some of the salient points that I feel will need to be included as part of this review. There will be significant technical detail that will drive out the end solution, but the overall design must be known and agreed before the technical elements can be determined.





 

© Parliamentary copyright 2007
Prepared 8 May 2007