Download original attachment
(Word document)
This is an HTML version of an attachment to the Freedom of Information request 'Security Audit of coi.gov.uk'.

0x08 graphic
0x08 graphic
0x08 graphic
0x08 graphic

98h September 2008

Dear Richard

RE: 10485428

I am writing to confirm that the Central Office of Information has now completed its search for the information which you requested on 13th August 2008.

You requested a copy of a security audit of coi.gov.uk as referenced in the .gov.uk Naming and Approvals Committee minutes of 26th September 2007.

The Central Office of Information has classified this information as exempt from the general right of access to information afforded by the Freedom of Information Act 2000.

By releasing this information into the public domain where it could be used by disreputable individuals, the COI could render its IT systems vulnerable to attack. The information could be used to illegally gain access to our systems, and thereby, to personal data and highly sensitive commercial and confidential information. We believe that releasing this information could facilitate the commission of an offence. Section 31 of the Freedom of Information Act exempts from disclosure information which would, or would be likely to, prejudice the prevention or detection of crime. A breach of our IT security could result in intellectual property theft, damage to systems, interception of confidential data, a breach of the Data Protection Act and disruption to business processes.

Section 31 is not an absolute exemption but is subject to the public interest test. This means that even if the information requested is exempt, the public authority must decide whether the public interest in applying the exemption and refusing disclosure outweighs the public interest in disclosing it. We recognise that there is a legitimate public interest in understanding how robust and fit-for-purpose the COI's website and IT systems are. However, we do not believe that releasing this audit report would assist that public understanding or promote public confidence in our IT systems. We have assessed the risk of providing a potential illegal access route to any individual/groups intent on causing harm as too great, and thus outweighing the public interest in disclosing this information.

If you are unhappy with the way the Central Office of Information has handled your request, you may ask for an internal review. You should contact Emma Lochhead, Board Member with responsibility for FOI, if you wish to complain.

If you are not content with the outcome of the internal review, you have the right to apply directly to the Information Commissioner for a decision. The Information Commissioner can be contacted at:

Information Commissioner's Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

If you have any queries about this letter, please contact me. Please remember to quote the reference number above in any future communications.

Yours sincerely

Glynn Morgan

FOI Officer

Hercules House

Hercules Road

London SE1 7DU

Switchboard 020 7928 2345

T 020 7261 8253

F 020 7261 0942

E [email address]