Universal Credit Programme - BSIMM & IPA Reports

Roedd y cais yn rhannol lwyddiannus.

Dear Department for Work and Pensions,

Background to Request
On 06 May 2022 the DWP disclosed redacted copies of Universal Credit IT security reports and audits. (ICO case reference: IC-85708- R7B0, DWP case reference: FOI2020/71493).

A number of the disclosed reports related to audit/assessments of the Universal Credit IT system against the BSIMM model (Building Security In Maturity Model).

As the disclosed BSIMM reports made it clear that a significant number of activities were “Not Observed” it is reasonable to assume that the UC Team completed the worked required to improve IT security and seek further audits/assessments.

Request for Information
RFI1: Is there someone within the UC Team who is responsible for IT security and for ensuring that the team fully complies with the activities specified in the BSIMM? If so, what is their job title (I do not want to know their name).

RFI2: Between 19 September 2018 and 17 June 2022 has the UC IT team been assessed/audited against the BSIMM by external organisations? If so, please disclose the dates of the audits/assessments.

RFI3: - Please disclose the BSIMM assessment/audit reports that were produced by external organisations for the period 19 September 2018 to 28 February 2022.

RFI4: Between 01July 2020 and 17 June 2022 has the IPA produced any further reports on the UC Programme? If so, please disclose them.
(Interpretation note: - if the IPA has produced a report about part of the UC Programme rather than at the ‘Programme Level’ then that falls within scope)

Yours faithfully,

John Slater

DWP freedom-of-information-requests, Adran Gwaith a Phensiynau

This is an automated confirmation that your request for information has
been received by the DWP FOI mailbox.
If your email is a valid Freedom of Information request, as per Section 8
of the FOI Act 2000, you can normally expect a response within 20 working
Please note that email FOI responses will be issued from
[1][email address]
We recommend that you add this address to your email contacts otherwise
the response may be treated as Spam or Junk mail.  
Should you have any further queries in connection with this request please
contact us.
Information on the Department for Work and Pensions can be accessed on
gov.uk here - [2]http://www.gov.uk/dwp

dangos adrannau a ddyfynnir


Visible links
1. mailto:[email address]
2. http://www.gov.uk/dwp


1 Atodiad

Dear John Slater,

I am writing in response to your request for information, received 17th

Yours sincerely,

DWP Central FoI Team