Original URL: http://www.theregister.co.uk/2008/02/22/child_database_review/

Deloitte flags risks of UK child database

No such thing as a secure database

By John Oates

Posted in Government, 22nd February 2008 09:32 GMT

A security review by Deloitte of one of the UK government's child databases - ContactPoint, which will contain an entry for every English child under 18 - has found it is generally secure. With some provisos.

Deloitte makes a timely reminder to a government convinced that securing databases is simply a technical problem: "Risk can only be managed not eliminated, and therefore there will always be a risk of data security incidents occurring."

More positively, the review found information security had "been ingrained" within people, processes, policy development, requirements definition and architecture.

But there were some concerns.

Deloitte recomends more control over access to data by administrators and programmers.

That processes are defined for the safe destruction of physical and electronic media and that clear security advice is given to all helpdesk staff on the production system.

Kevin Brennan, the under-secretary of state for children, young people and families, accepted the report's findings and said the government "will address them". ®