Question
Answer
Provide, name, address and telephone number for the following people:
• Senior Information Risk Owner
Tony Dawson
• Governance Manager
James Boylett
• Information Security Officer/Manager Tony Dawson
• Information Technology Security
Tony Dawson
Officer/Manager
• Caldecott Guardian’s
Craig Derry and Steve Tredinnick
All staff are located at County Hall, Chelmsford and can be contacted via the
telephone number 0845 7430 430
PCI-DSS
• Does your organisation process
Yes
electronic payment cards?
• How much money is processed from
£6.9M
electronic payment cards per annum?
• How many electronic payment card
13820
transactions are processed per
annum?
• Are you PCI-DSS compliant?
No
ISO 27001
• Are you or have you considered
ECC regularly review available good
becoming ISO 27001 compliant or
practice and best practice standards.
certified?
Various organisational connections are
designed within the context of ISO
27001, e.g. GCSX, but ECC is not
currently seeking separate certification
Government Connect
• Are you connected and operationally
Yes
utilising the Government Connect
network?
• If not have you considered connecting N/A
to Government Connect and why was
the decision made not to connect?
• Do you meet the Government
ECC is currently assessed as compliant
Connect version three requirements? against CoCo 3.2
• Please supply your latest CLAS
We consider that the part of the
consultant annual Government
information you have requested relation
Connect assessment/audit report,
to specific control areas is exempt from
blanking out any statements which
disclosure under the Freedom of
could contravene a security concern
Information Act, so although we hold the
from a third party reading it.
information we shall not be providing it to
you. The exemption we are applying is
s24 National Security
• Do you meet the Government
We have not yet been assessed against
Connect version four requirements?
CoCo 4.1 requirements, this will be part
of our GCSX reassessment process
• Please supply the latest internal
We consider that the part of the
report for the Government Connect
information you have requested relation
version four Audit/Assessment,
to specific control areas is exempt from
blanking out any statements which
disclosure under the Freedom of
could contravene a security concern
Information Act, so although we hold the
from a third party reading it.
information we shall not be providing it to
you. The exemption we are applying is
s24 National Security
Criminal Justice Network
• Are you connected to and
Yes
operationally utilising the Criminal
Justice Network?
• If not have you considered connecting N/A
to the Criminal Justice Network and
why was the decision made not to
connect?
• Please supply your latest annual
We consider that the part of the
assessment/audit report, blanking out information you have requested relation
any statements which could
to specific control areas is exempt from
contravene a security concern from a
disclosure under the Freedom of
third party reading it.
Information Act, so although we hold the
information we shall not be providing it to
you. The exemption we are applying is
s24 National Security
NHS N3 Network
• Are you connected to and
Yes
operationally utilising the NHS N3
Network?
• If not have you considered connecting N/A
to the NHS N3 network and why was
the decision made not to connect?
• Please supply your latest N3
We consider that the part of the
Connection assessment/audit report,
information you have requested relation
blanking out any statements which
to specific control areas is exempt from
could contravene a security concern
disclosure under the Freedom of
from a third party reading it
Information Act, so although we hold the
information we shall not be providing it to
you. The exemption we are applying is
s24 National Security
• Do both schools and the Council
No
share the same physical network
responsible for voice and data
communications?
