|Previous Section||Index||Home Page|
when there is any significant change in the external threat level or any significant project change.
In response to question 190738, ContactPoint is expected to be deployed to Early Adopter local authorities and two of our seven national partners by the end of October 2008 and to all other local authorities and national partners in 2009.
In response to question 190739, an interim assessment has been conducted which indicates that the
recommendations can be implemented within the current planned budget and timescale. The full assessment can only be made once the updated risk assessment is completed.
In response to question 190740, ContactPoint will continue to be reviewed by independent security experts during system build and before it is implemented. Security will, of course, be audited during operation. It has not yet been decided who will conduct further independent reviews.
In response to question 190750, the Deloitte review did not identify any significant security issues, but made a number of minister recommendations for controls to be in place when the system goes live in addition to those already planned. The report observed that the importance of security appears to be ingrained within key areas of the ContactPoint Project. The first task, which is already under way, is to undertake an impact assessment of the detailed recommendations contained in the report.
Mrs. Maria Miller: To ask the Secretary of State for Children, Schools and Families (1) when the ContactPoint user acceptance test referred to in the written statement of 21 February 2008, Official Report, columns 55-8WS, on ContactPoint, will be undertaken; and what use will be made of the results; 
(4) what procedures will be put in place to ensure that all organisations accessing the ContactPoint database are aware of their responsibilities on security; what auditing will take place to ensure compliance; and if he will make a statement; 
(7) what plans there are to review the role of self-certification as referred to in the written statement of 21 February 2008, Official Report, columns 55-58WS, on ContactPoint; and if he will make a statement; 
(9) what (a) security, (b) auditing and (c) other procedures will be followed when a ContactPoint user wants to gain access to a common assessment framework assessment for a particular child. 
Verify that CP meets the stated business requirements, and its practical readiness,
Ensure the end to end system and processes meet the defined acceptance criteria.
In response to question 190742, all data inputs to ContactPoint will be delivered over secure electronic channels. The frequency of updates of this data will vary depending on what is practicable and desirable for each source.
In response to question 190743, (a) All partner organisations will be supported through their accreditation process by the local authority acting as an independent sponsor. Those performing the sponsor roles will be trained and appropriately qualified, (b) Ongoing monitoring will be performed at multiple levels across the ContactPoint delivery structure.
monitoring of user access by line management;
compliance checksthat line management is monitoring user access by each organisation's internal audit or compliance team;
monitoringthat line management are monitoring their users by the local ContactPoint management team;
compliance checks that the local authority ContactPoint team is performing its monitoring role by each local authority's internal audit or compliance team;
monitoring - that line management are monitoring their users by the local ContactPoint management team;
compliance checks - that the local authority ContactPoint team is performing its monitoring role by each local authority's internal audit or compliance team;
local authorities will log and monitor complaints and data subject access requests, identifying where follow up checking needs to take place;
discussions will be held between local authority internal audit and the internal audit of those organisations using ContactPoint to ensure congruence of risk assessments and sharing of lessons learned;
regular reviews of local authority ContactPoint team activities;
spot checks by organisation, local authority and nationally;
national reviews of management information based on a range of security
In response to question 190745, accreditation will ensure a range of organisational policies and procedures are in place in each accredited organisation. These include a requirement to appoint responsible and accountable officers, to train staff, to set out accountabilities, to plan and implement a programme of inspections and audits, and to report issues to the sponsoring local authority.
Responsibilities will be set out clearly and will be covered in training and supporting materials (such as guidance and user manuals). Regular meetings will be used (between local authorities and partner
organisations, and between the national team and local authorities) to ensure messages on responsibilities continue to be understood, to promote best practice, to raise and resolve issues around compliance, and to discuss other operational issues or difficulties.
In response to questions 190746 and 190747, in determining the security policy for ContactPoint, the Government guidance on risk assessment and security controls set out in the Cabinet Office's Manual of Protective Security was followed. A risk assessment was carried out, in 2005, at the start of the ContactPoint project before any solution design or requirements were specified. It was updated in June 2006. Deloitte concluded that the approach followed was valid.
ContactPoint will not be deployed until it has been subject to rigorous penetration testing by people who are experts in the IT security field and approved by the Communications and Electronics Security Group.
In response to questions 190748 and 190749, the accreditation plans were under development at time of the Deloitte review and indicated that self-certification would be used where appropriate in order to minimise burdens.
Self-certification of local partner organisations will be subject to verification by a local authority sponsor who will assure compliance with procedures. Funds have been allocated to local authorities to support these roles.
In response to question 190751, there will be no access to the CAP itself, nor any of the details within it, from ContactPoint. If the ContactPoint user believes that they should contribute to, or see, the CAP assessment they would contact the practitioner whose details have been provided to ContactPoint as the person holding the CAP.
Mr. Hoban: To ask the Secretary of State for Children, Schools and Families what items of his Department's (a) revenue and (b) expenditure are uprated using (i) the consumer prices index, (ii) the retail prices index and (iii) other measures of inflation. 
The Department uses a range of indices in order to uprate the grant payments it makes to its wide range of delivery partners. Decisions on the
appropriate indices to apply to the different types of grant expenditure are devolved to the individual business units within the Department and this information can be gathered only at disproportionate cost.
Keith Vaz: To ask the Secretary of State for Children, Schools and Families what procedures are in place in his Department to ensure that personal information relating to members of the public is (a) stored and (b) transported securely. 
Kevin Brennan: I refer the hon. Member to the statement made by my right hon. Friend the Prime Minister on 21 November 2007, Official Report, column 1179. The review by the Cabinet Secretary and security experts is looking at procedures within departments and agencies for the storage and use of data. A statement on Departments procedures will be made on completion of the review.
Mrs. Villiers: To ask the Secretary of State for Children, Schools and Families whether personal data for which his Department is responsible is (a) stored and (b) processed overseas; and if he will make a statement. 
Mr. Jenkins: To ask the Secretary of State for Children, Schools and Families if he will take steps to reduce the number of hard copies of emails being printed unnecessarily by officials in his Department. 
Flexible and robustly maintained systems for electronic reading, production, transfer and filing of all documents to reduce the volume and need for hardcopy prints; and
Information and best practice techniques on how staff can help the Department reduce waste through careful use of scarce resources and new ways of working.
Keep reviewing the Department's waste management policy to ensure it aligns with Government intent and adopt any new initiatives relating to waste, where appropriate;
Encourage the generation of new ideas by staff to improve our waste handling;
Learn from our peers in the public sector and benchmark our progress against public and private sector organisations; and
Work with our recycling suppliers to develop more sustainable methods and reward innovation.
Roger Berry: To ask the Secretary of State for Children, Schools and Families what conclusions his Department has reached in fulfilment of the duty under section 3.111 of the statutory code of practice of the disability equality duty. 
Michael Gove: To ask the Secretary of State for Children, Schools and Families how many agencies, organisations and non-departmental bodies receive funding from his Department; and how much was spent on such bodies in each of the last three years. 
Kevin Brennan: ( )The Department for Children, Schools and Families was created in the( )machinery of government change in June 2007. The following table sets( )out the grant in aid received by each of the Department's non-departmental( )public bodies for the last three years taken from the resource accounts together( )with the funding provided to local authorities and other expenditure for the( )predecessor body the Department for Education and Skills. The other( )expenditure may include expenditure not relating to organisations. To provide( )the detail requested for relating to just DCSF would involve disproportionate( )cost. The Department has no Agencies.
|Analysis spending body|
|(1 )SFT became operational on 1 April 2006.|
(2 )The amount paid to local authorities has risen significantly in 2006-07 because from 1 April 2006 the Department became responsible for paying dedicated schools grants. These grants were previously issued by the Department for Communities and Local Government.
|Next Section||Index||Home Page|