The UK's Department for Transport (DfT) has had to prove the security of its main financial management database as it moves to meet the Treasury's requirements for financial reporting and ensure it complies with government guidelines on secure system accreditation.
Weng Lam, the DfT's system accountant, said, "Since then, we have commissioned Sapphire to carry out five days of penetration testing in another DfT division."
Asked what risks the DfT faced, Lam said, "We had tight timescales to be in line with the government financial reporting calendar. However, careful planning resulted in an organised project which ran to schedule."
The financial database, Terasolve sitting on SQL Server, contains a nine-year record of data relating to departmental budgets. The DfT runs Information Edge's Coins application, which feeds into the main Treasury database. This meant it had to meet Government Secure Intranet (GSI) accreditation standards.
The DfT uses Coins to take care of the financial requirements for third-party divisions, such as the DVLA, to give a high-level overview of budget utilisation for departments such as the Treasury, and to track financial expenditure on individual projects.