IT Security Policy (Overview)

This policy gives an overview of information security principles and responsibilities within the Ministry of Justice (MoJ) and provides a summary of the MoJ’s related security policies and guides.

Related information

Technical Controls Policy


This policy is aimed at three audiences:

  • Technical users

    These are in-house MoJ Digital and Technology staff who are responsible for implementing controls throughout technical design, development, system integration, and operation. This includes DevOps, Software Developers, Technical Architects, and Service Owners. It also includes Incident Managers from the Event, Problem, Incident, CSI and Knowledge (EPICK) Team.

  • Service Providers

    Defined as any other MoJ business group, agency, contractor, IT supplier and partner who in any way designs, develops or supplies services (including processing, transmitting and storing data) for, or on behalf of, the MoJ.

  • General users

    All other staff working for the MoJ.

Within this policy, “all MoJ users” refers to General users, Technical users, and Service Providers as defined previously.

Associated documentation

For further guidance on IT Security, refer to the following policies.


All MoJ users shall:

  • Comply with the MoJ’s Acceptable Use Policy wherever they work.
  • Report all security incidents promptly and in line with the MoJ’s IT Incident Management Policy.
  • Make themselves aware of their roles, responsibilities and accountability and fully comply with the relevant legislation as described in this and other MoJ guidance.
  • Be aware of the need for Information Security as an integral part of day-to-day business.
  • Protect information assets under the control of the organisation.

Further information can be found in the IT Security All Users Policy.

Technical users

Technical users shall follow the guidance set out for all MoJ users in the IT Security All Users Policy AND also comply with the IT Security Technical Users Policy.

Service Providers

Service Providers shall follow the guidance set out for all MoJ users in the IT Security All Users Policy AND also comply with the IT Security Technical Users Policy.


  • This policy is enforced by lower level policies, standards, procedures and guidance.
  • Non-conformance with this policy could result in disciplinary action taken in accordance with the MoJ’s Disciplinary procedures. This could result in penalties up to and including dismissal. If an employee commits a criminal offence, they might also be prosecuted. In such cases, the MoJ always co-operates with the relevant authorities, and provides appropriate evidence.


Note: If you work for an agency or ALB, refer to your local incident reporting guidance.

Security Team

Contact details

For any further questions or advice relating to security, contact:


If you have any questions or comments about this guidance, such as suggestions for improvements, please contact: