The Cabinet Office spends more than £7 million a year maintaining and remediating the risks posed by four legacy systems rated as posing the highest levels of risk, ministers have revealed.
Recent parliamentary disclosures have revealed that four IT systems currently operating in central departments have been rated red under the Legacy IT Risk Assessment Framework produced by the Central Digital Data Authority, which is based within the Cabinet Office.
Red is the most severe rating. According to the framework, it indicates that the technology platform is operating at a “severe risk level where issues or failures are likely to occur and the potential impact of these issues may be severe.”
Alex Burghart, the Cabinet Office minister responsible for technology and data issues, revealed that the department had spent £21.4m over the past three years to “develop, maintain or transition” the four red-rated systems.
“The spending within that time frame is consistent with the budget,” he said in response to a written parliamentary question from Labour MP Matt Rodda.
This equates to central departments spending over £7 million each year maintaining or remediating the four highest-risk legacy IT platforms.
The minister added: “Furthermore, the Cabinet Office is currently refining its approach to defining and managing legacy systems.”
The risk assessment framework created by CDDO has already identified numerous systems operating at the highest levels of risk across government.
This guidance was updated four months ago so that the definition of legacy risk also takes into account issues that may be caused by waning operational knowledge of the technology, as well as recent downtime issues.
The expanded definition includes seven “indicators” that a hardware or software platform is likely to be considered legacy: expiration of vendor contract; too few people with the necessary knowledge and skills; inability to meet current or future business needs; incorrect hardware; known security vulnerabilities, recent issues, or downtime.
The framework also considers six 'impact' areas affected by the use of legacy IT, including government reputation; finance and budget; external stakeholders; operations; and other technology systems.
To determine the overall risk assessment of a legacy system, the assessment guidance provides a calculation that considers all seven indicators and their respective scores across six impacts.
Burghart added in his parliamentary response: “The Cabinet Office has adopted the Legacy IT Assessment Risk Framework, a standardized methodology designed by the Central Digital Data Authority, to assess the risks associated with legacy digital technology assets across Her Majesty’s Government. The highest risk category within the framework is known as a 'red rating'. This approach allows the Cabinet Office to develop a prioritized overview of legacy technologies and clearly highlight assets that require appropriate funding allocation for remediation planning and implementation.”
Figures recently released by ministers revealed that at least 43 red-rated systems are in use across government, 11 of which are in place in the Ministry of Defence, more than any other department. In second place was the Courts and Tribunals Department with nine, followed by the Department for Work and Pensions with six, the Ministry of Justice with five, and the Cabinet Office and Revenue and Customs with four each.