Yesterday PwC released the long-awaited report on the HMRC incident. Poynter, chairman of PwC, reported that there was a general "lack of awareness amongst staff of the existence of security policies" and that "large amounts of data have transferred both within HMRC and to external government bodies with insufficient regard to risk and security". In addition, there was a lack of training and an absence of accountability for the ownership and guardianship of data.
Part 2 of the report provides 45 recommendations and management actions, all in line with the ISO27001 standard.
Here are the links to the reports:
PricewaterhouseCoopers' full Report: download (a briefing from out-law.com is available here)
Sir Gus O'Donnell's full Report: download (a briefing from out-law.com is available here)
IPCC Report: download
Sir Edmund Burton's Report: download (+ MOD Action plan in response to Burton's report available here)