Independent Information Assurance Public Report - Census 2021
Date published:
Download the Independent Information Assurance Public Report - Census 2021.
Background
Bridewell Consulting, a National Cyber Security Centre (NCSC) certified cyber security consultancy, was engaged to undertake an overarching Independent Information Assurance Review (IIAR) of the security of the 2021 Census Programme.
It encompassed the people, process and technology used to deliver this, including the Census supply chain, for the Office for National Statistics (ONS) and the Northern Ireland Statistics and Research Agency (NISRA).
This was in order to identify risks to Census systems, services and information for attention before the Census, and to present an independent view of security maturity to stakeholders including the public.
Executive summary
The robust fundamentals of architecture, design and baselines that were deployed for the 2019 rehearsal remain in place and have continuously been assessed. The security maturity of Census solutions has continued to improve with further time, investment and attention.
There are 21 findings in the report and they are all of a Low or Informational level, indicating only sporadic deficiencies and areas for improvement, for example, a small number of corporate security policies requiring review, rather than factors presenting a significant risk to Census security.
Overall, this assessment has concluded that both ONS and NISRA have comprehensive security programmes in place designed to reduce the risk of compromise to the delivery of the Census and citizen data. The assessment found that strong controls were also in place to detect and respond to threats that may impact the Census when it is in live operation. This 2020 assessment has found that security controls in place have built upon and enhanced those in place during the 2019 rehearsal.