The UK's Department for
Transport (DfT) has had to prove the security of its main
financial management database as it moves to meet the Treasury's
requirements for financial reporting and ensure it complies with
government guidelines on secure system accreditation.
The DfT's IT solutions partner,
Computacenter, retained
Stockton-on-Tees-based security consultancy
Sapphire to do the work.
Sapphire completed the job in six of the allocated 10 days.
Weng Lam, the DfT's system accountant, said, "Since then, we
have commissioned Sapphire to carry out five days of penetration
testing in another DfT division."
Asked what risks the DfT faced, Lam said, "We had tight
timescales to be in line with the government financial reporting
calendar. However, careful planning resulted in an organised
project which ran to schedule."
The financial database, Terasolve sitting on SQL Server,
contains a nine-year record of data relating to departmental
budgets. The DfT runs
Information
Edge's Coins application, which feeds into the main Treasury
database. This meant it had to meet Government Secure Intranet
(GSI) accreditation standards.
The DfT uses Coins to take care of the financial requirements
for third-party divisions, such as the DVLA, to give a high-level
overview of budget utilisation for departments such as the
Treasury, and to track financial expenditure on individual
projects.