The Department for Transport (DfT) is aiming to refresh its cyber security policies with the aim of shedding those that are out-of-date.
It has launched a security improvement project and begun to look for specialist support in carrying out a review, rationalising and proposing a new list of policies.
According to the market notice it currently has over 100 policies on information and cyber security, most of which are hard to find, out of date or no longer wholly appropriate. This is undermining its efforts in the field as its staff often have to ask for guidance and often fail to follow the policies.
it says there is a need to review and revise the list and make policies “concise, comprehensive, consistent, appropriate and easy to understand”.
A review against the Government’s Minimum Cyber Security Standard has already been completed, and although the report has not yet been completed the DfT says it knows there is room for improvement.
It states: “As someone working for DfT I need to have easy access to policies that explain simply and clearly how I should handle information of different sensitivities and in different circumstances. I also need to understand what I can and cannot do with the digital equipment and services that DfT provides to help me do my job.”
The project will involve the department’s digital service division working with a supplier over the next four months.
Image from iStock