HMRC backs Basda security drive
Software developement trade body unveils Code of Practice to allay public sector security fears
Julian Buck: It is important for vendors to be put under pressure
Software industry trade body the Business Application Software Developers Association (Basda) has responded to HMRC’s call to ensure software security.
HMRC is concerned that all the third-party software it uses for online services meets its stringent data security requirements.
The department recently examined the web sites of 30 software vendors and reported that only seven featured a statement dedicated to security principles. In response, Basda has drawn up the Software Security Code of Practice, which aims to allow vendors to demonstrate their security credentials. The code is voluntary and members can self-certify.
Signatories will be permitted to use a logo on their web site and will gain access to marketing materials. The trade body, whose 100-plus members include industry giants Microsoft and SAP, says the code will assure HMRC and other government bodies that vendors take security seriously.
HMRC has been quick to welcome the move. John Harrison, head of customer contact online for HMRC, said the job of preparing, submitting and storing data calls for the highest levels of security.
“HMRC is delighted to see the proactive stance that Basda and its members are taking in demonstrating their commitment to best practice,” he said.
The code focuses on five key areas: data protection legislation compliance; software function and data access controls; authorisation of data submitted to banks and statutory authorities; data storage and audit trails; and data backup and recovery.
Julian Buck, managing director of vendor Version One and a member of Basda’s general council, said the code applies equally to software usage in the private and public sectors.
“New business customers are putting increasing demand on vendors to satisfy security demands,” he said. “It is important for vendors to be put under pressure. This will be an endorsement.”