Background
The Ministry of Justice maintains a large number of IT systems, many of which are critical for court operations, probation, prison management, legal aid and criminal compensation payments. A cyber-attack on the Legal Aid Agency in 2024 led to well-publicised service disruption.
Scope
This study will examine whether the Ministry of Justice is effectively managing risks across its IT estate and prioritising resources to protect the most critical services. It will evaluate whether the Ministry of Justice:
- understands which IT systems pose the greatest risk to core business services
- has effective governance, investment and contingency arrangements in place
- is taking appropriate action to ensure the resilience of its IT systems and services
NAO team
Director: Jenny George
Audit Manager: David Raraty