INFORMATION REQUEST - RECORD of KEY INFORMATION FOIA/Doc/B

FOIA/DOC/O

“PROVISION OF INFORMATION”

By e-mail: /
Council Offices, Wellington Road
Ashton-under-Lyne, Tameside.
OL6 6DL
Call Centre 0161-342 8355
FAX 0161-342 2747
Minicom 0161-342 3170
Your Ref FOI/ICT/DS/01
Our Ref FOI/IT/NC2/31810
Ask for Norman Crawford
Direct Line 0161 342 2197
Date 31/08/10

Dear Mr Schneider

Re: YOUR REQUEST FOR INFORMATION UNIQUE REFERENCE NUMBER: FOI/ICT/DS/01

Thank you for your request for information, which was received by Tameside Metropolitan Borough Council on the 13th August 2010 and which the Council has considered under the provisions of the Freedom of Information Act 2000. I understand this request to be as follows:

“I wish to make a request under the Freedom of Information Act. The following questions and information I wish to have sent to me are follows:

Provide, name, address and telephone number for the following people:

·  Senior Information Risk Owner

·  Governance Manager

·  Information Security Officer/Manager

·  Information Technology Security Officer/Manager

·  Caldecott Guardian

PCI-DSS

·  Does your organisation process electronic payment cards?

·  How much money is processed from electronic payment cards per

·  annum?

·  How many electronic payment card transactions are processed per

·  annum?

·  Are you PCI-DSS compliant?

ISO 27001

·  Are you or have you considered becoming ISO 27001 compliant or certified?

Government Connect

·  Are you connected and operationally utilising the Government

·  Connect network? If not have you considered connecting to Government Connect and why was the decision made not to connect?

·  Do you meet the Government Connect version three requirements?

·  Please supply your latest CLAS consultant annual Government Connect assessment/audit report, blanking out any statements which could contravene a security concern from a third party reading it.

·  Do you meet the Government Connect version four requirements?

·  Please supply the latest internal report for the Government Connect version four Audit/Assessment, blanking out any statements which could contravene a security concern from a third party reading it.

Criminal Justice Network

·  Are you connected to and operationally utilising the Criminal

·  Justice Network? If not have you considered connecting to the Criminal Justice Network and why was the decision made not to connect?

·  Please supply your latest annual assessment/audit report, blanking out any statements which could contravene a security concern from a third party reading it.

NHS N3 Network

·  Are you connected to and operationally utilising the NHS N3 Network? If not have you considered connecting to the NHS N3 network and why was the decision made not to connect?

·  Please supply your latest N3 Connection assessment/audit report, blanking out any statements which could contravene a security concern from a third party reading it.

·  Do both schools and the Council share the same physical network responsible for voice and data communications”

I am pleased to advise that the Council can provide most of the information that you have requested where we hold it. I have summarised the information as follows:

Provide, name, address and telephone number for the following people:

• Senior Information Risk Owner

Wendy Poole

Council Offices, Room 2.33A

Wellington Road

Ashton-under-Lyne

OL6 6DL

0161 342 3842

• Governance Manager

Sandra Stewart

Council Offices, Room 1.12

Wellington Road

Ashton-under-Lyne

OL6 6DL

0161 342 3028

• Information Security Officer/Manager

Derek Clarke

Council Offices, Room 7.1

Wellington Road

Ashton-under-Lyne

OL6 6DL

0161 342 2773

• Information Technology Security Officer/Manager

Derek Clarke

Council Offices, Room 7.1

Wellington Road

Ashton-under-Lyne

OL6 6DL

0161 342 2773

• Caldecott Guardian

Andrea Collier

Council Offices, Room 2085

Wellington Road

Ashton-under-Lyne

OL6 6DL

0161 342 3730

PCI-DSS

Does your organisation process electronic payment cards?

Yes

How much money is processed from electronic payment cards per annum?

£10,313,957.25 in 2009/10

How many electronic payment card transactions are processed per annum?

106,497 credit / debit card transactions in 2009/10

Are you PCI-DSS compliant?

Partially compliant

ISO 27001

Are you or have you considered becoming ISO 27001 compliant or certified?

Working towards compliance with ISO 27001 (not accreditation)

Government Connect

Are you connected and operationally utilising the Government Connect network?

Yes

Do you meet the Government Connect version three requirements?

Yes

Please supply your latest CLAS consultant annual Government Connect assessment / audit report, blanking out any statements which could contravene a security concern from a third party reading it.

Release of this data may compromise the security of our networks and systems and so can not be released – crime prevention exemption.

Do you meet the Government Connect version four requirements?

Not yet assessed

Please supply the latest internal report for the Government Connect version four Audit/ Assessment, blanking out any statements which could contravene a security concern from a third party reading it.

N/A

Criminal Justice Network

Are you connected to and operationally utilising the Criminal Justice Network? If not have you considered connecting to the Criminal Justice Network and why was the decision made not to connect?

No - no operational need

Please supply your latest annual assessment/audit report, blanking out any statements which could contravene a security concern from a third party reading it.

N/A

NHS N3 Network

Are you connected to and operationally utilising the NHS N3 Network? If not have you considered connecting to the NHS N3 network and why was the decision made not to connect?

No - no operational need

Please supply your latest N3 Connection assessment/audit report, blanking out any statements which could contravene a security concern from a third party reading it.

N/A

Do both schools and the Council share the same physical network responsible for voice and data communications?

Yes

The Council will not be charging you for the time taken by council officers to find, sort, edit or redact the requested material. Please do not hesitate to contact me should you have any queries or wish to amend or clarify your request. Should you be unhappy with the way in which your request for information has been dealt with you may wish to submit a written complaint, to Sandra J Stewart, Borough Solicitor, at the above address providing details of your concerns.

Yours sincerely

Norman Crawford

Norman Crawford

Assistant Executive Director – ICT Services