Delayed cyberattack detection and response
Significant delays in detecting and responding to cyberattack risks within government agencies, despite high-risk ratings.
132 items
9 sources
Source spread
Where this theme appears
Delayed cyberattack detection and response has been flagged across 9 independent accountability sources:
13 PFD reports
70 committee recs
4 HMICFRS recs
1 ICIBI rec
1 PPO rec
3 IOPC recs
4 NAO recs
19 IMB recs
17 LGO/SPSO decisions
When the same issue appears across inquiries, coroner reports, and regulators independently, it indicates a recurring issue across the public record.
Browse by source
Source-grouped records are useful for tracing where a concern came from. Large sections show the 50 strongest matches for that source; counts still show the full theme total.
PFD Reports (13)
Georgina Swindells
Concerns: The coroner identified concerns regarding delays in image transfer, a lack of available data to investigate the issue, the absence of an image transfer backup process, and the apparently erroneous scan report, raising the possibility of misreporting in the future.
Overdue
Leslie Carswell
Concerns: Technical difficulties in transmitting CT scans between trusts caused critical delays in deciding treatment plans for urgent conditions. These unresolved issues risk delaying life-saving care.
Response (Sandwell and West Birmingham Hospitals): The Image Exchange Portal (IEP) Standard Operating Procedure was updated to clarify how images are transmitted, including contingencies for out of hours and documentation requirements. All radiographers are being trained …
Overdue
Deborah Hopkinson
Concerns: Frequent equipment failures and significant delays in specialist consultant involvement due to lack of expertise and communication issues severely impacted patient diagnosis and treatment.
Response (Northern Care Alliance NHS Trust): The Trust plans to incorporate awareness of Cushing's Disease into annual training for Core Medical Trainees, using the case as a study, and will discuss the case at local and …
Responded
Glenys Button
Concerns: Inefficient and outdated neurosurgical referral systems, relying on switchboards and bleeps, cause delays and miscommunications, with no backup for busy on-call doctors. Modern digital solutions are available but not utilized.
Response (NHS Wales): An e-referral system is being piloted, with an evaluation to follow three months after the pilot starts; however, networking issues have delayed the pilot's extension. In the interim, additional measures …
Overdue
Carol Jennings
Concerns: The evidence revealed matters giving rise to concern.
Response (Queen Elizabeth Hospiatl Kings Lynn NHS Trust): A new electronic referral system for the Tissue Viability Nurse (TVN) service will be in place next month, and a weekly Documentation Task and Finish Group was set up to …
Responded
Darran Busby
Concerns: A critical flaw in the electronic patient record system allows radiology results requiring urgent follow-up to be inadvertently filed without clinician review, risking missed diagnoses and treatment delays.
Response (EMIS): EMIS is reviewing and will update the EMIS Web Hazard Log and Safety Case to reflect identified concerns; highlighting established system and training mitigations. EMIS is reviewing training material relating …
Response (North Cumbria Integrated Care NHS Foundation Trust): The Neurology team has stopped using the “file no Comment” button in favour of the “File and Comment” button. The Trust has notified colleagues in Primary Care and anticipate implementing …
Response (NHS North Cumbria Integrated Care): The neurology team has stopped using the 'file no comment' function and increased vigilance when reviewing results. A new standard operating procedure was developed and reports containing the text "significant …
Responded
Daniel Tilley
Concerns: Insufficient funding and staffing within police Communication and Control Units, compounded by inadequate officer numbers, consistently prevent timely responses to incidents, a long-standing issue particularly acute during peak demand.
Response (Home Office): The Home Office acknowledges the coroner's concerns and outlines the government's commitment to providing resources to the police, including increasing officer numbers and funding for Devon and Cornwall Police. They …
Response (Devon Cornwall Police): Devon and Cornwall Police detailed actions taken to address staffing and workload challenges in their CMCUs, including improvements in demand response times, implementation of wellbeing initiatives for personnel, and a …
Responded
Ian Darwin
Concerns: Tees Esk and Wear Valleys NHS Foundation Trust routinely fails to conduct timely serious incident investigations, allowing hazards to persist and compromising learning, despite past assurances and national guidelines for 60-day completion.
Response (TeesEsk and Wear Valleys NHS Foundation Trust): The Trust has contracted additional expert capacity for incident reviews, implemented weekly sitrep meetings, modified documentation and report templates, and is introducing more flexibility to Serious Incident Review Panels, and …
Response (Tees Esk & Wear Valley NHS Foundation Trust): The Trust has contracted additional expert capacity for incident reviews, implemented weekly sitrep meetings, modified documentation and report templates, and is introducing more flexibility to Serious Incident Review Panels, and …
Responded
Manoel Santos
Concerns: Delays in notifying foreign national offenders of immigration detention and inadequate access to legal advice are compounded by poor inter-agency communication and a lack of specialist prison staff for immigration matters.
Response (Home Office): The Home Office has implemented new commissioning and handling processes and established a Strategic Improvement Operations team within FNORC to log, review, and track recommendations from internal and external investigations, …
Response (Practice Plus Group): Practice Plus Group has implemented weekly and fortnightly meetings between healthcare management and prison governors to improve communication between agencies. They have also clarified the established process regarding concerns for …
Response (HM Prison and Probation Services): HMPPS has re-issued a notice to staff at HMP Belmarsh clarifying procedures for unlocking cell doors during the night state, emphasizing preservation of life takes precedence. Additionally, learning from probation-involved …
Overdue
Linda Banks
Concerns: Despite a thematic review identifying issues in mental health services, actions taken were ineffective in implementing change; serious incident investigations were also significantly delayed, compromising investigation quality and timely implementation of safety improvements.
Response (Tees Esk & Wear Valley NHS Foundation Trust): Tees, Esk and Wear Valleys NHS Foundation Trust has reviewed and incorporated the thematic review action plan into a larger improvement plan for the Durham and Darlington Crisis Team, restructured …
Responded
Dean Bray
Concerns: Staff in seclusion rooms could not make emergency calls directly, and paramedics faced delays accessing a patient due to unknown and unshared direct ward access routes, hindering emergency response.
Overdue
Liam Allan
Concerns: Inadequate visibility of riverside buoyancy aids and slow, telephone-based police-to-fire service communication create critical delays in emergency response, increasing drowning risks.
Response (London Fire Brigade): The London Fire Brigade has made significant changes to its radio system following the Grenfell Tower Inquiry, improving communication interoperability. They have also installed throwline boards, provided throwline training to …
Response (National Fire Chiefs Council): The National Fire Chiefs Council highlights the Fire Control Fire Standard and Guidance, the Multi-Agency Information Transfer (MAIT) system, and ongoing liaison with London Fire Brigade to ensure learning is …
Response (London Borough of Barking and Dagenham): The London Borough of Barking and Dagenham will undertake a survey and asset mapping of waterbodies and riverside locations, assess sites using risk assessment criteria, standardise safety equipment, and implement …
Response (London Borough of Havering): The London Borough of Havering will give further consideration to the lighting of life buoys at inland bodies of water, ensure new buoyancy aids meet British Standards and require white …
Response (City of London): The City of London acknowledges the concerns raised. The text describes various procedures and resources in place for managing incidents and ensuring safety, without stating a change in policy.
Responded
Stephen Page
Concerns: The electronic sensor system provides only a brief, visual CCTV alert without an audible alarm, making it easily missed by operators and risking lost opportunities for intervention.
Response (MAPP): MAPP has taken action by implementing an audible alarm system, instructing enhancement of physical perimeter safety measures (completion April 2026), and arranging suicide prevention awareness training.
Overdue
Committee Recommendations (70) — showing 50 strongest matches
#36 — HMRC acknowledges legacy IT systems and poor data management hinder AI adoption and increase cyber risks.
Recommendation: We asked HMRC whether the age of some of its IT systems were going to make it more difficult to adopt AI. HMRC agreed and considers the “critical thing with AI is making sure you really have a handle on …
Gov response: 6.1 The government agrees with the Committee’s recommendation. Recommendation implemented 6.2 HMRC has written to the Committee alongside this Treasury Minute response. 6.3 HMRC is well positioned to take advantage of emerging technologies, particularly AI, …
Accepted
#31 — HMRC acknowledges security concerns with third-party Making Tax Digital software, setting strict specifications.
Recommendation: We asked HMRC whether there were potential security concerns that could be posed by the third–party MTD software taxpayers use to submit their tax returns, including whether there were risks to HMRC’s own systems.63 In written evidence provided after our …
Not Addressed
#24 — HMRC’s legacy IT systems pose security, reliability, and cost risks.
Recommendation: HMRC explained that there are three key risks that arise from operating legacy systems: lower levels of security; lower reliability and resilience; and higher costs of system changes. HMRC said that its executive team and its digital team track how …
Gov response: 4.1 The government agrees with the Committee’s recommendation. Target implementation date: September 2025 4.2 HMRC will write to the Committee on its plans to address the remediation of its legacy IT systems with a forecast …
Accepted
#9 — Organised criminal groups' ransomware attacks severely disrupt public services and incur significant costs.
Recommendation: Organised criminal groups use ransomware and data extortion to make money.10 They do this by stealing and encrypting victims’ data and then demanding a ransom or threatening to the leak the data. In October 2023, 5 Q 2; C&AG’s Report, …
Gov response: 1.1 The government agrees with the Committee’s recommendation. Target implementation date: Autumn 2026 1.2 The government has committed in the Blueprint for Modern Digital Government to resetting the relationship with cyber and technology risk, and …
Accepted
#30 — Mandate EU transport operators inform travellers of UK personal import rules by January 2027 deadline.
Recommendation: Regardless of SPS negotiation timings, the Government must not delay the implementation of the requirement for EU transport operators to draw travellers’ attention to UK rules on personal imports of products of animal origin beyond 31 January 2027. (Recommendation, Paragraph …
Gov response: The government accepts this recommendation and the importance of travellers understanding the rules that apply to them. GB legislation includes a requirement for international passenger transport operators to draw the attention of their customer to …
No Published Response
#25 — Legal Aid Agency experienced significant delays in detecting and responding to cyberattack risks
Recommendation: We asked LAA why it had taken so long to detect the attack and to then take systems offline.48 LAA explained that the risk of a cyberattack on its systems had been rated as extremely high on MoJ’s risk registers …
Gov response: 6.5 The Chief Executive of the Legal Aid Agency (LAA) set out the initial lessons learned at the Committee evidence session in October 2025, including the need for senior leaders to ensure that cyber-vulnerabilities are …
Response Pending
#24 — Legal Aid Agency cyberattack went undetected for four months before system shutdown
Recommendation: MoJ and LAA acknowledged that the cyberattack on LAA’s online digital services began in December 2024, four months before the LAA detected the attack on 23 April 2025.46 LAA explained that in April, it took action to boost the security …
Gov response: 6.1 The government agrees with the Committee’s recommendation. Recommendation implemented: August 2025 6.2 The MoJ and LAA have already identified and shared lessons from the attack through several routes. Internally, across MoJ, this has taken …
Accepted
#1 — Committee reviewed HMP Dartmoor lease, legal aid provision, and LAA cyberattack management.
Recommendation: We took evidence from the Ministry of Justice (MoJ), HM Prison and Probation Service (HMPPS) and the Legal Aid Agency (LAA) to follow up on our recent scrutiny of several topics. This included HMPPS’s management of the lease renewal at …
Gov response: The government agrees with the Committee’s recommendation. comprehensive time-bound plan to be more systematic in supporting fee-charging public bodies, which will be shared with the Committee. As part of its remit, and as set out …
Accepted
#5 —
Recommendation: There is evidence that the UK, and our allies, face many malicious cyber- attacks both from rogue individuals and state-sponsored attacks from states such as Russia and China. These attacks are diverse in their nature and in their aims. Some …
Gov response: Hostile actors must understand that irresponsible behaviour in cyberspace will carry cost. The UK and our allies will continue to expose those that aim to do us and our institutions harm. No longer can they …
Under Consideration
#20 — GovAssure reveals significant gaps and low maturity in departmental cyber resilience.
Recommendation: In 2023, the Cabinet Office launched ‘GovAssure’, a cyber security assurance scheme, as part of its strategy to improve government organisations’ cyber resilience. Before GovAssure, departments self–assessed their performance against minimum cyber standards set by the Cabinet Office.43 In the …
Gov response: 4.1 The government agrees with the Committee’s recommendation. Target implementation date: Spring 2026 4.2 DSIT is currently improving the way that they collect data on legacy systems across government. 4.3 Departments will continue to be …
Accepted
#19 — Government Cyber Coordination Centre improves information sharing but remains in early stages.
Recommendation: We asked the Cabinet Office what structures it had in place to share information about cyber security with permanent secretaries and throughout departments.40 The Cabinet Office told us that it had launched the Government Cyber Coordination Centre (GC3) in September …
Gov response: 3.1 The government agrees with the Committee’s recommendation. Target implementation date: Spring 2026 3.2 The government recognises the importance of embedding security expertise at the heart of departmental decision making. 3.3 There is a clear …
Accepted
#18 — Departments remain reluctant to share cyber incident information, hindering collective learning.
Recommendation: We asked the Cabinet Office what the impact was when departments did not share information about their cyber incidents. The Cabinet Office agreed that sharing data is essential to learn lessons, understand vulnerabilities, share best practice and work out what …
Gov response: 3.1 The government agrees with the Committee’s recommendation. Target implementation date: Spring 2026 3.2 The government recognises the importance of embedding security expertise at the heart of departmental decision making. 3.3 There is a clear …
Accepted
#11 — Government's current cyber resilience levels remain inadequate to effectively respond and recover from attacks.
Recommendation: We pressed the Cabinet Office on what assurance it could give us that government was keeping up with the cyber threat.17 The Cabinet Office’s assessment was that there was already a gap in government’s ability to respond and that this …
Gov response: 1.1 The government agrees with the Committee’s recommendation. Target implementation date: Autumn 2026 1.2 The government has committed in the Blueprint for Modern Digital Government to resetting the relationship with cyber and technology risk, and …
Accepted
#8 — Nation states pose increasing risk of espionage and disruptive cyber attacks on essential services.
Recommendation: The Cabinet Office highlighted concerns about nation states’ intent to conduct espionage and disrupt essential services.8 It described a campaign of espionage by Russian military intelligence that involved stealing and leaking data, and defacing websites. The Cabinet Office considered disruptive …
Gov response: 1.1 The government agrees with the Committee’s recommendation. Target implementation date: Autumn 2026 1.2 The government has committed in the Blueprint for Modern Digital Government to resetting the relationship with cyber and technology risk, and …
Accepted
#7 — Government faces rapidly evolving and increasingly sophisticated cyber threats from capable adversaries.
Recommendation: The Cabinet Office told us that we should be extremely worried by the rapidly evolving cyber threat, which is the most sophisticated it has ever been. It explained that over the last three years, government’s adversaries, which include nation states …
Gov response: 1.1 The government agrees with the Committee’s recommendation. Target implementation date: Autumn 2026 1.2 The government has committed in the Blueprint for Modern Digital Government to resetting the relationship with cyber and technology risk, and …
Accepted
#26 — Legal Aid Agency acknowledges critical lessons learned from cyberattack response and provider burden
Recommendation: LAA acknowledged that contingency measures it put in place to keep the legal aid system going placed additional burdens on providers, and that there are several lessons to be learned from the attack. This included, ensuring senior leaders understand risks …
Gov response: 6.5 The Chief Executive of the Legal Aid Agency (LAA) set out the initial lessons learned at the Committee evidence session in October 2025, including the need for senior leaders to ensure that cyber-vulnerabilities are …
Response Pending
#6 — Require MoJ and LAA to detail cyberattack lessons and funding for system vulnerabilities.
Recommendation: Despite lessons learned from the cyberattack on the LAA, funding to address weaknesses across MoJ systems is uncertain. Vulnerabilities in LAA’s systems had been on MoJ’s risk register since 2021. However, MoJ’s investment of over £50 million to transform and …
Gov response: The government agrees with the Committee’s recommendation. several routes. Internally, across MoJ, this has taken place at: MoJ Audit and Risk Assurance Committee; within the MoJ Executive Committee and Senior Leadership Group; and with the …
Accepted
#25 — Department maintains a prioritised cyber incident response and business continuity framework
Recommendation: The Department explained that it had a security incident response framework in place that, in the case of a cyber attack, would enable it to keep its services running as much as possible. It told us that its business continuity …
Gov response: 5.1 The government agrees with the Committee’s recommendation. Recommendation implemented 5.2 By 2030-31 the department’s legacy systems will become outdated. This could affect the department’s ability to deliver services efficiently and may lead to higher …
Response Pending
#20 —
Recommendation: In our 2018 report on the WannaCry Cyber-attack on the NHS, we found that the Department and its arm’s-length bodies were unprepared for the relatively unsophisticated WannaCry attack and had a lot of work to do to improve cyber-security for …
Not Addressed
#8 —
Recommendation: The risks associated with legacy systems include that they can be difficult and expensive to support, lack operational resilience for key government services, and be vulnerable to cyber-attack. This exposes government to what is likely to be an uncertain but …
Gov response: 2: PAC conclusion: There is no clear plan to replace or modernise legacy systems and data that are critical to service provision but are often old, unsupportable, vulnerable and a constraint on transformation. 2: PAC …
Not Addressed
#7 — Legacy IT systems pose significant risks to government AI adoption and cybersecurity.
Recommendation: DSIT told us that it was a matter of urgency that the issue of legacy systems in government is addressed, not only to take advantage of the opportunities offered by AI, but also to address other risks including cyber security …
Gov response: The government agrees with the Committee’s recommendation. Target implementation date: Winter 2025 1.2 The Department for Science, Innovation and Technology (DSIT) will carry out this work in two steps. Firstly, working with HM Treasury (HMT), …
Accepted
#31 — Over-reliance on limited strategic IT suppliers creates significant cyber security risks.
Recommendation: Based on written evidence, we asked the Cabinet Office about the advantages and disadvantages of relying on a few strategic suppliers.67 The Cabinet Office acknowledged that trying to maximise value for money and interoperability while managing the risks was not …
Gov response: 5.1 The government agrees with the Committee’s recommendation. Target implementation date: Spring 2026 5.2 The government recognises the importance of managing the risk in ALBs and their supply chains. Whilst services can and in many …
Accepted
#30 — Government faces complex challenges managing cyber security risk within its supply chain.
Recommendation: We asked the Cabinet Office how Government managed the cyber security of its supply chain. The Cabinet Office told us that managing supply chain risk was complex and difficult. Government’s supply chain has been the source of incidents with serious …
Gov response: 5.1 The government agrees with the Committee’s recommendation. Target implementation date: Spring 2026 5.2 The government recognises the importance of managing the risk in ALBs and their supply chains. Whilst services can and in many …
Accepted
#16 — Departments demonstrate insufficient ownership of cyber risk and hinder information sharing.
Recommendation: Accounting officers in departments are responsible for protecting the security of their organisations and managing their department’s cyber risk, but they have not taken sufficient ownership of this responsibility. Often, membership of departments’ most senior boards does not include a …
Gov response: 3.1 The government agrees with the Committee’s recommendation. Target implementation date: Spring 2026 3.2 The government recognises the importance of embedding security expertise at the heart of departmental decision making. 3.3 There is a clear …
Accepted
#22 — Collaborate with platforms to identify and track disinformation actors and their online spreading techniques.
Recommendation: Foreign interference and disinformation campaigns, with use of technology such as bots and AI, put UK citizens at risk. The possibility that some of the divisive messages and deceptive content spread by users—and amplified by algorithms—last summer were part of …
Gov response: We recognise the risk that foreign interference in the UK can pose, both to society as a whole and individuals. Our analysis published at the end of 2024 highlighted a variety of ways in which …
Not Addressed
#21 —
Recommendation: As HMRC moves towards a fully digital tax system, the capability of its IT systems, including in terms of cyber security, will become increasingly important to HMRC’s ability to operate effectively. HMRC has recognised that, due to the need in …
Gov response: 5.1 The government agrees with the Committee’s recommendation. Recommendation implemented 5.2 The department has been addressing its legacy technical debt since 2019 and received funding of £268 million at the 2020 Spending Review to continue …
Under Consideration
#6 —
Recommendation: A significant software update is needed to begin Trial Operations, which will allow up to 24 trains an hour to run through the central section.10 Any unexpected issues with software may take time to fix and we have reported on …
Gov response: agree with the Committee’s conclusion. The £16.5 billion extra funding from Spending Review 2020 will support the aims and priorities outlined in the Integrated Review to better counter developing and future threats. Further detail and …
Under Consideration
#23 —
Recommendation: As the NAO reported, the PNC’s current technology will no longer be fully supported beyond 2024. The Department told the NAO that it had decided to accept the risk of running the PNC without support for the database after 2024.46 …
Not Addressed
#22 —
Recommendation: The Department also confirmed that there had been an outage earlier this year, which was due to a problem with network availability and the ‘wider PNC ecosystem’ in its Hendon data centre, affecting the ability of the police to access …
Not Addressed
#21 —
Recommendation: Concerning the January 2021 incident, the Department told us that all deleted data had now been recovered and everything that had gone wrong in January had been put right.38 The Department said that the data had been recovered by the …
Not Addressed
#20 —
Recommendation: The PNC has consistently met its service availability targets in recent years; from January 2020 to March 2021 the PNC’s availability was 99.74%, exceeding the Department’s target of 99.65%. However, in January 2021, the PNC experienced a data loss affecting …
Not Addressed
#4 —
Recommendation: The police must continue to rely on the PNC for another five years, despite the risks to its availability. The PNC is the most important law enforcement technology system in the UK, and it is vital that it is constantly …
Gov response: 5. PAC conclusion: Departments often struggle to track benefits as closely as they track costs
Under Consideration
#2 —
Recommendation: There is no clear plan to replace or modernise legacy systems and data that are critical to service provision but are often old, unsupportable, vulnerable and a constraint on transformation. Legacy systems, some of which date back to the 1970s, …
Gov response: 2022. It should report against these metrics annually to enable Parliament and the public to determine what progress it is making towards meeting the objectives set out in the Government’s 25 Year Environment Plan. 2.1 …
Accepted
#19 —
Recommendation: The government’s decision in July 2020 to reduce its dependency on technology originating from certain high-risk vendors could introduce delays and additional expense to nationwide roll-out.61 The Department estimated that the removal of high-risk vendors’ 52 DRB0004 DCMS recall (Broadband), …
Gov response: 6.2 BDUK will publish its profile to reach at least 5% of non-commercial premises by the end of 2025 in its 2022-23 corporate plan. As well as achieving the 85% target, the contracts that BDUK …
Not Addressed
#20 —
Recommendation: The Department has a substantial legacy technology estate, in part because it has not prioritised the investment needed to keep it up to date.63 Defence Digital, the organisation responsible for leading on the digital strategy, estimates it will cost £11.7 …
Not Addressed
#23 — Cabinet Office preparing contingencies for Capita's IT readiness, awaiting September 'go/no-go' decision
Recommendation: We checked with the Cabinet Office what contingency plans it had should Capita’s IT systems not be ready on the transition date. The Cabinet Office asserted that it had several plans, including a more gradual roll-out of the Capita technology, …
Gov response: 5. PAC conclusion: There is a clear risk that Capita will not be ready to take over administration of the Scheme as planned on 1st December 2025. 5. PAC recommendation: • The Cabinet Office needs …
Accepted
#11 —
Recommendation: Prior to the US sanctions announced in May, the risk of Huawei products remaining in the UK’s 5G networks was, according to the Government, significant but manageable through monitoring and regulation. The situation changed when Huawei was deprived of reliable …
Gov response: The Government welcomes the Committee’s conclusions and recognition of the Government’s response to the changed context. The Government’s position as set out in January related to high risk vendors generally; however, the US sanctions in …
Under Consideration
#18 —
Recommendation: The Department has outlined plans to ensure Border Crossing systems are available at crossing points other than the 56 major entry points which will have permanent access to the system. The Department stated that this will involve a mobile capability …
Gov response: The government has nothing further to add to the evidence it gave to the Committee at the hearing on 1 February 2021.
Under Consideration
#17 —
Recommendation: The latest roll-out of Border Crossing started on time at the beginning of December
Gov response: 5: PAC conclusion: We see a clear risk that the Department will not be able to deliver the programme by the end of March 2022. 5: PAC recommendation: The Department should set out and explain …
Under Consideration
#11 —
Recommendation: The telephone system Capita uses in the live service for its operations—including contacting offenders—has been in place since 2005. Since May 2021, there have been six 13 Q 24; C&AG’s report, paras 3.6–3.7 14 Q 36 15 Qq 33, 36 …
Gov response: 2.2 His Majesty’s Prison and Probation Service (the agency) has successfully completed the first stages of technical refresh, including replacing obsolete field officer tablet applications and addressing IT health check findings. Further remediation work, including …
Partially Accepted
#10 —
Recommendation: HMPPS intended Gemini to replace the current case management system (‘Integrity’) which had been in use since 2012 and must now be relied on until 2024. The NAO found that many of its applications were no longer supported by manufacturers …
Gov response: 2.2 His Majesty’s Prison and Probation Service (the agency) has successfully completed the first stages of technical refresh, including replacing obsolete field officer tablet applications and addressing IT health check findings. Further remediation work, including …
Partially Accepted
#21 —
Recommendation: Taiwan is under considerable pressure as China pursues targeted foreign information manipulation and interference campaigns to sway public opinion and change the terms of international diplomatic engagement. There are increasing concerns that increased hybrid attacks are setting the ground for …
Response Pending
#15 — Defra lacks a clear strategy for transforming digital services despite a 10-year transformation goal.
Recommendation: Defra told us that it had so far focused on stabilising its legacy applications to reduce the risks of cyber-attack or operational failure and on developing and implementing the IT systems needed for EU Exit, rather than work to reduce …
Gov response: The government agrees with the Committee’s recommendation. Target implementation date: March 2024. Defra’s Executive Committee (ExCo) approved a long-term approach to digital and data for Defra and its biggest arm’s length bodies in June 2023, …
Accepted
#10 — Defra's legacy system resolution extends to 2030, with many applications requiring "hyper-care".
Recommendation: The NAO also found that Defra did not expect to resolve all its legacy issues until 2030.15 For example, Defra told us that it had worked with the Central Digital & Data Office (CDDO) to establish which services were most …
Gov response: The government agrees with the Committee’s recommendation. Recommendation implemented. Defra is modernising its services and putting users at the heart of developing service improvements. Defra will use best practice techniques such as user research, business …
Accepted
#14 — Ofcom has yet to develop automated data collection systems for non-supervised providers.
Recommendation: For the non-supervised service providers, Ofcom will monitor their compliance through automated data collection and analysis processes, supported by information from partner organisations that deal with the various harms. Ofcom told us that it has yet to develop the automated …
Gov response: 3.1 The government agrees with the Committee’s recommendation. Target implementation date: Spring 2025 3.2 Given the scale and scope of the regime, Ofcom is designing data-driven tools to identify potential risks, including non-compliance. 3.3 A …
Accepted
#10 —
Recommendation: Furthermore, whilst the risk remained manageable, it is important to remember the benefits in having a greater number of vendors involved in 5G network provision, despite the designation as high-risk, as this improves overall network resilience should a single vendor …
Gov response: The Government agrees that the UK market will benefit from a greater number of vendors. We have developed the 5G Supply Chain Diversification Strategy, published on 30 November, to diversify the supply chain. We are …
Accepted
#54 —
Recommendation: Basic services were cut off at the start of the conflict and more than 4.5 million people have been without adequate power or communications for more than four months.129 Filippo Grandi pointed out that the closure of the banking and …
Gov response: The UK will work through the multilateral system, in partnership with other donors, to address the restoration of basic services drawing on experience from other crises. At present the level of insecurity means that basic …
Not Addressed
#6 —
Recommendation: There is a risk that the Department still lacks the capacity to prioritise and deliver major digital programmes on time. In common with many other government departments and agencies, the Department is reliant on a range of legacy technology systems …
Gov response: 1. PAC conclusion: The pandemic has demonstrated the importance of departments retaining sufficient capacity to respond to emergencies when identifying potential efficiencies.
Under Consideration
#7 —
Recommendation: Government’s ambition for the UK to have the “world’s most effective border by 2025” relies on cross-government digital programmes, in which it does not have a good track record. In December 2020 the government published its strategy to put in …
Gov response: 7.1 The government agrees with the Committee’s recommendation. Target implementation date: October 2022 7.2 Delivery of the 2025 Border Strategy is well underway, and programmes and pilots will deliver tangible benefits to UK businesses over …
Not Addressed
#7 —
Recommendation: The Government and NHS England must set out detailed plans for how the £2.3 billion investment in Community Diagnostic Centres will be utilised, in particular detailing how many additional CT, MRI and PET-CT scanners and endoscopy suites the investment will …
Gov response: The Department and the NHS have published the Delivery Plan for Tackling the COVID-19 Backlog of Elective Care. This plan sets out a clear vision for how the NHS will recover and expand elective services …
Under Consideration
HMICFRS Recommendations (4)
FRS 2018-19 CoC Recommendations: Cornwall Fire and Rescue Service
Cause of concern: We have serious concerns about Cornwall FRS’s response to incidents. The service consistently doesn’t meet target response times for fires, especially in remote areas served by on-call stations. It is sometimes slow to update mobile data terminals …
Recommendation
FRS 2023-25 CoC Recommendations: Avon Fire and Rescue Service
Cause of concern: The service’s mobilisation system, which records information and dispatches resources to emergency incidents, isn’t reliable and crashes during emergency 999 calls. This unnecessarily delays the mobilisation of resources, which results in the public receiving a slower response …
Recommendation
FRS 2023-25 CoC Recommendations: Avon Fire and Rescue Service
Cause of concern: The service’s mobilisation system, which records information and dispatches resources to emergency incidents, isn’t reliable and crashes during emergency 999 calls. This unnecessarily delays the mobilisation of resources, which results in the public receiving a slower response …
Recommendation
FRS 2023-25 CoC Recommendations: Avon Fire and Rescue Service
Cause of concern: The service’s mobilisation system, which records information and dispatches resources to emergency incidents, isn’t reliable and crashes during emergency 999 calls. This unnecessarily delays the mobilisation of resources, which results in the public receiving a slower response …
Recommendation
ICIBI Immigration Recommendations (1)
IOPC Learning Recommendations (3)
Recommendations - Greater Manchester Police, May 2024
The IOPC recommends that Greater Manchester Police reviews the current safeguards that are in place to prevent human error causing an unplanned server shutdown, within the force IT infrastructure, in the future, and ensures if it were to happen again, …
Investigations into the actions surrounding a missing persons enquiry - Metropolitan Police …
The IOPC recommends that the Metropolitan Police Service (MPS) consider allocating a Force Control Supervisor each shift to monitor messages sent between the MPS incident recording system (known as CAD) and the call handling system (CHS). The investigation identified that …
Road traffic collision following police pursuit – Metropolitan Police Service, November 2019
The IOPC recommends that an update should be sent as soon as possible, to all Metropolitan Police Service vehicle users to advise of the new potential fault within the Cleartone system, whereby the internal battery fails. This should indicate the …
NAO Audit Recommendations (4)
Lessons learned: tackling fraud and protecting propriety in government spending during an …
p) We recommend the Central Digital and Data Office work with departments and the Public Sector Fraud Authority to extend the remit of the essential shared data assets plan to: Consider what data-sharing arrangements could be set up now. In …
Accepted
Lessons learned: tackling fraud and protecting propriety in government spending during an …
o) We recommend the Central Digital and Data Office work with departments and the Public Sector Fraud Authority to extend the remit of the essential shared data assets plan to: Review the extent to which these datasets are accessible and …
Accepted
Lessons learned: tackling fraud and protecting propriety in government spending during an …
n) We recommend the Central Digital and Data Office work with departments and the Public Sector Fraud Authority to extend the remit of the essential shared data assets plan to: Work out now what current datasets might be needed in …
Accepted
The government’s preparedness for the COVID-19 pandemic: lessons for government on risk …
The Cabinet Office should work with government departments to ensure that their risk management, business continuity and emergency planning are more comprehensive, holistic and integrated. This involves ensuring that the government can rely on timely and good-quality data in the …
Accepted
IMB Recommendations (19)
High Down (2024)
The Government should tackle the increase in drone activity as a means of ingress of illicit items into prisons.
Ministry of Justice
Warren Hill (2020)
The Board reiterates its hope that Warren Hill will soon be included in the development of in-cell telephony.
HMPPS
Warren Hill (2020)
The Board understands that planned work to correct this [telephony and data lines] has been delayed but hopes that the work will be completed as soon as possible.
HMPPS
Wandsworth (2020)
The CCTV system throughout the prison was unreliable and not fit for purpose. The Ministry of Justice has authorised funding for an upgrade. When will work commence?
HMPPS
Cardiff (2021)
The Board is concerned that the use of body worn cameras (BWC) is being affected by the need to service and replace cameras. We understand that HMP Cardiff will have cameras replaced in February 2022: we hope that will not be delayed further (para 4.5.2).
HMPPS
Low Newton (2022)
The Prison Service should consider replacing the CCTV system to assist in monitoring incidents around the prison.
HMPPS
Swaleside (2024)
The incursion of drones needs to be addressed on a national basis, with a viable solution found for the whole estate.
Other
Norwich (2025)
Will the Prison Service please advise when a complete overhaul of the current perimeter security surveillance equipment will take place?
HMPPS
Huntercombe (2020)
To investigate the possibility of improved technology across the prison to facilitate meetings and monitoring by the IMB in the event of a further lockdown situation.
Governor / Director
Brinsford (2021)
The information technology (IT) at Brinsford is old and failing, and needs to be updated. Long periods without a working network are potentially dangerous and, even at its best, this makes it difficult for staff to do their jobs well. Investment in a good IT system would improve many outcomes for staff and prisoners.
Ministry of Justice
Kirkham (2022)
While a number of major projects (i.e. new timbers building, new gym and new concept building) have either been completed or are well advanced, the CCTV is in need of an urgent upgrade.
HMPPS
Brinsford (2022)
The information technology (IT) at Brinsford is old and failing. While improvements were being discussed and due to be implemented in the 2022-23 reporting year, it needs to be noted that improvements are desperately needed. Hopefully the improvements and investments will improve many outcomes for staff and prisoners.
HMPPS
Winchester (2023)
When will the finance be approved for the modernised CCTV system and when will the necessary cameras, connectivity and software be installed?
HMPPS
Thameside (2023)
The Board continues to have issues with IT accessibility for new members. The process for setting up new members with IT access is not transparent, involves a number of stages and invariably takes far too long – four to six weeks for some of our recent members.
Governor / Director
Gartree (2023)
Will the Governor continue to push for improvements to the security systems to help prevent the influx of illicit items through the gate and/or via drones, etc? What additional steps is the Governor taking to reduce the importation of illicit items, including drugs and mobile phones?
Governor / Director
Exeter (2023)
Ensure the project to update CCTV in the prison is progressed as quickly as possible?
HMPPS
Long Lartin (2024)
Security systems: operation of current electronic security protection falls below expectation of that originally specified for a high security prison. Pending formal approval and installation of a completely new system, what local short term plans exist to improve confidence in the safe operation of the prison?
Governor / Director
Moorland (2025)
When will inadequate bandwidth, which prevents the consistent deployment of body worn video cameras, be addressed?
HMPPS
Doncaster (2025)
The Board continues to be frustrated by the lengthy delays faced by staff and IMB members when using the Serco remote IT service, particularly for new members. This issue, common with other third-party providers, could have been resolved more quickly with on-site support. What action will you take to ensure faster, more reliable IT support and prevent these delays, especially …
Governor / Director
LGO / SPSO Decisions (17)
21-011-288 — London Borough of Hackney
Summary: Mr C complained that the Council failed to take adequate action to control anti-social behaviour by his neighbours in the block where he lives and wrongly refused his application for the ‘community trigger’. The Council was at fault because its out-of-hours noise reporting system was inoperable after a cyber-attack …
LGO (Local Government & …
Environment And Regulation
Upheld
Aug 2022
22-001-553 — Gloucester City Council
Summary: Mr X complained the Council failed to provide local land charge search results following a cyber attack. He said it caused delay in the sale of his property. The Council failed to provide a service, but its response limited any injustice to Mr X.
LGO (Local Government & …
Other Categories
Upheld
Nov 2022
24-013-245 — London Borough of Hackney
Summary: The complainant, X, complained that a Cyber Attack on the Council’s systems meant they were unable to pay Council Tax at the time. X was billed for Council Tax during the financial year and so the Council’s offer of a payment plan is reasonable. There was fault, as the …
LGO (Local Government & …
Benefits And Tax
Upheld
Apr 2025
21-007-452 — Stockport Metropolitan Borough Council
Summary: Mr G complained about delays in obtaining a taxi licence. We found fault in the time taken for the Council to resume testing of candidates, suspended at the outset of the COVID-19 pandemic and in misleading statements it made to Mr G during that suspension. This caused Mr G …
LGO (Local Government & …
Environment And Regulation
Upheld
May 2022
20-003-958 — London Borough of Hillingdon
Summary: The Council’s delay approving a Disabled Facilities Grant is fault. The Council has agreed to apologise, pay £2,300, and take action to improve its services.
LGO (Local Government & …
Adult Care Services
Upheld
Jan 2022
21-011-226 — London Borough of Hackney
Summary: Ms B complained that the Council delayed in processing her change of circumstances and she may have missed out on the opportunity to be rehoused in a suitable property as a result. We found the Council delayed in processing Ms B’s change of circumstances between July and September 2020. …
LGO (Local Government & …
Housing
Upheld
May 2022
24-010-997 — Essex County Council
Summary: We will not investigate Miss X’s complaint about delays in the Education Health and Care Plan process. This is because the Council has agreed to apologise to Miss X and pay her £100 per month for the delay. We consider this an appropriate remedy and further investigation is therefore …
LGO (Local Government & …
Education
Upheld
Oct 2024
24-009-706 — Essex County Council
Summary: We will not investigate Ms X’s complaint about delays in the Education Health and Care Plan process. This is because the Council has agreed to apologise to Ms X and pay her £100 per month for the delay. We consider this an appropriate remedy and further investigation is therefore …
LGO (Local Government & …
Education
Upheld
Oct 2024
21-001-627 — London Borough of Enfield
Summary: Mr X complained the Council failed to remove stacked shipping containers near to his home. The Council was at fault for not taking the enforcement action it said it would. The Council will pay Mr X £300 for the avoidable time and trouble caused by having to complain and …
LGO (Local Government & …
Planning
Upheld
Jan 2022
22-000-086 — Slough Borough Council
Summary: We will not investigate this complaint that the Council has not properly investigated a potential attempted fraud as criminal matters are for the police. Mrs X’s concerns about data protection are best dealt with by the Information Commissioner’s Office.
LGO (Local Government & …
Other Categories
Apr 2022
22-000-434 — London Borough of Waltham Forest
Summary: We will not investigate this complaint about the Council’s decision to grant prior approval for a telecommunications mast near Mr X’s home. This is because there is insufficient evidence of fault in the way the Council considered an application for prior approval for a telecommunications mast near his home. …
LGO (Local Government & …
Planning
Apr 2022
23-021-311 — Exeter City Council
Summary: We will not investigate this complaint about a delay by the Council in responding to a Freedom of Information request. This is because it is a matter for the Information Commissioner.
LGO (Local Government & …
Other Categories
May 2024
24-002-944 — Dartford Borough Council
Summary: We will not investigate Mr X’s complaint about a data breach. This is because it is better dealt with by the Information Commissioner's Office.
LGO (Local Government & …
Other Categories
Jun 2024
25-005-339 — London Borough of Lambeth
Summary: We will not exercise discretion to investigate this complaint about defects to grant-aided works carried out in 2021. This complaint was received outside the normal 12-month period for investigating complaints. There is no evidence to suggest that Miss X could not have complained to us sooner.
LGO (Local Government & …
Adult Care Services
Oct 2025
24-004-406 — London Borough of Hackney
Summary: We will not investigate Mr X’s complaints about the Council’s handling of his COVID-19 business grant applications. This is because the complaints are late and I have seen no good reasons to exercise our discretion to investigate them. We cannot investigate Mr X’s complaint that the Council has applied …
LGO (Local Government & …
Benefits And Tax
Oct 2024
21-017-567 — Transport for London
Summary: We will not investigate this complaint about a congestion charge as Transport for London has cancelled the charge.
LGO (Local Government & …
Transport And Highways
Mar 2022
21-013-837 — Bristol City Council
Summary: Mr X complained about the actions the Council took to recover an unpaid fixed penalty notice and the lack of response to a complaint he made in 2017. The Council was not at fault for not sending a court summons to Mr X via email.
LGO (Local Government & …
Environment And Regulation
Not Upheld
Mar 2022