HEADQUARTERS AIR COMMAND
Royal Air Force
8 March 2012
Dear Mr xxxxxxx,
Thank you for your email of 9 February 2012 requesting information about the level of testing
conducted on the Bader.mod.uk, the storage location and policy on volunteer information held
on the Bader.mod.uk online system. I have been asked to reply. This has been considered as
a request for information in accordance with the Freedom of Information Act 2000 (FOIA).
BADER was tested and passed by the Ministry of Defence, Defence Security and Assurance
Services (DSAS). They conducted testing in accordance with the requirements set out in Joint
Service Policy 440 and found the system to comply with HM Government Infosecurity
Standards Impact Level 2, ultimately resulting in the BADER suite, including https://sms.bader.mod.uk,
being granted FULL Accreditation.
All bader.mod.uk sites and peripherals (databases) are stored at a RackSpace UK Limited data
centre. There are no external contractors or companies who have access to this data.
Volunteers within the ACO sign a consent form in accordance with the Data Protection Act,
personal information stored on MOD systems is held to very high security standards which are
ful y accredited by the MOD for that purpose. All personal information held is in ful compliance
with the Data Protection Act.
This information is used to manage careers and promotion, pay claims and expenses and to
support the control of wider budgets plan. It is also used at Squadron level to authorise and
report on Squadron activity. Without consent to store and use volunteer information in this way
it would not be possible to manage their career within the ACO without disproportionate effort
and therefore they could not continue to work with the organisation.
If you are not satisfied with this response or you wish to complain about any aspect of the
handling of your request, then you should contact me in the first instance. If informal resolution
is not possible and you are still dissatisfied then you may apply for an independent internal
review by contacting the Head of Corporate Information, 2nd Floor, MOD Main Building,
Whitehall, SW1A 2HB (e-mail firstname.lastname@example.org
). Please note that any request for an
internal review must be made within 40 working days of the date on which the attempt to reach
informal resolution has come to an end.
If you remain dissatisfied fol owing an internal review, you may take your complaint to the
Information Commissioner under the provisions of Section 50 of the Freedom of Information
Act. Please note that the Information Commissioner will not investigate your case until the
MOD internal review process has been completed. Further details of the role and powers of the
Information Commissioner can be found on the Commissioner's website, http://www.ico.gov.uk.