MPs reject international security standard

The House of Commons has no plans to adopt a globally accredited IT standard

MPs have snubbed an internationally accredited IT security standard promoted by the Department of Trade and Industry (DTI).

Responding to a question in Parliament, Liberal Democrat MP Sir Archy Kirkwood, who represents the House of Commons Commission, said the BS7799 security standard will only be used as a guide.

He said: "We have no plans at present to seek accreditation to BS7799 but the philosophy and best practice elements within the standard form an important part of our approach."

While many businesses adhere in principle to BS7799, few firms actually go through the pain of accreditation because it can be a lengthy and ongoing process. The current BS7799 register shows only 92 UK public and private sector organisations are accredited.

The last DTI security breaches survey also perversely found foreign countries adopt the standard more widely, with just 5.5 percent of UK businesses being compliant and 2.7 percent planning adoption this year.

The House of Commons Commission is a supervisory body of MPs who oversee the administration of the House. It would not comment on Parliamentary security arrangements but said that users of the Parliamentary Data and Video Network (PDVN) are protected.

Kirkwood revealed that users are subject to conventional password controls that restrict unauthorised internal access, while corporate firewalls and anti-virus software are in place to prevent external attacks. Measures are also in place for remote users.

He said: "For remote users, the introduction of data encryption, personal firewalls and anti-virus software with the new virtual private network service hosted on known parliamentary-issued personal computers will minimise the risk of unauthorised access and interception."