Mr. David Schneider,
Request for Information - Governance Contact Details and Data Security
Reference Number - DOT/88MKJZ
Dear Mr. Schneider
Thank you for your request for information, which was received by Manchester City Council on 18th August 2010 and has been considered under the provisions of the Freedom of Information Act 2000.
In response to your request, I have reproduced your request and provided the information you have requested as follows.
Contact Details
Provide name, address and telephone number for the following people:
Senior Information Risk Owner
Susan Orrell, City Solicitor, PO Box 532, Town Hall, M60 2LA Tel No: 0161 234 3087
Governance Manager
Governance Manager: Lynn Evans, Information Governance Manager, PO Box 532, Town Hall, Manchester, M60 2LA Tel No: 0161 234 4415
Information Security Officer/Manager
Please address issues relating to information security to Steve Park, Chief Information Officer, PO Box 164, Manchester M13 0UZ. 0161 277 5921.
Information Technology Security Officer/Manager
Please address issues relating to information security to Steve Park, Chief Information Officer, PO Box 164, Manchester M13 0UZ. 0161 277 5921.
Caldicott Guardian
Caldicott Guardian (Adults): Paul Cassidy, Assistant Director, Adults Directorate, One First Street, Manchester M15 4FN Tel: 0161 234 3805
PCI-DSS
Does your organisation process electronic payment cards?
Manchester City Council directly processes the majority of electronic card payments through various modules of its Income Management System. This activity is subject to the PCI DSS security measures. In addition, there are to a much lesser extent card payments processed indirectly on the Council's behalf by the Council's merchant provider via PDQ machines (which are PCI DSS compliant) located at various council premises.
How much money is processed from electronic payment cards per annum?
£37,562,074.03 was transacted during the year 1 August 2009 to 31 July 2010
How many electronic payment card transactions are processed per annum?
366,792 transactions were processed during the year 1 August 2009 to 31 July 2010.
Are you PCI-DSS compliant?
Manchester City Council is not at present PCI DSS compliant but is working towards achieving compliance very soon.
ISO 27001
Are you or have you considered becoming ISO 27001 compliant or certified?
The ICT Service was restructured during 2009. One of the objectives of the restructure was to achieve accreditation to ISO 27001.
Government Connect
Are you connected and operationally utilising the Government Connect network? If not have you considered connecting to Government Connect and why was the decision made not to connect?
Manchester City Council is connected to, and uses, the Government Connect Secure Extranet.
Do you meet the Government Connect version three requirements?
The Government Connect assessor approved Manchester City Council's Code of Connection v 3.2, which described the Council's security arrangements, in October 2009.
Please supply your latest CLAS consultant annual Government Connect assessment/audit report, blanking out any statements which could contravene a security concern from a third party reading it.
A “Health Check” audit has been undertaken by a CLAS consultant. However, the resultant report details the strengths and weaknesses on Manchester City Council's network and is, therefore, a classified document, which cannot be placed in the public domain without presenting an unacceptably high risk of a dishonest person using the information to attempt to hack into City Council systems or the Government Connect Secure Extranet.
Do you meet the Government Connect version four requirements?
Manchester City Council's ICT Service has been striving to meet the more stringent requirements referred to in your question. Later this month an audit is to be undertaken on behalf of the Government Connect Security Team, to assess whether the City Council complies with version 4.1 of the Government Connect Code of Connection.
Please supply the latest internal report for the Government Connect version four Audit/Assessment, blanking out any statements which could contravene a security concern from a third party reading it.
Internal assessment of compliance with Government Connect security arrangements is based on the Code of Connection V 4.1, which is a classified document. The document cannot be placed in the public domain without presenting an unacceptably high risk of a dishonest person using the information to attempt to hack into City Council systems or the Government Connect Secure Extranet.
Criminal Justice Network
Are you connected to and operationally utilising the Criminal Justice Network? If not have you considered connecting to the Criminal Justice Network and why was the decision made not to connect?
The City Council does transmit data to and from the Criminal Justice Network.
Please supply your latest annual assessment/audit report, blanking out any statements which could contravene a security concern from a third party reading it.
An audit of the City Council's connection to the Criminal Justice Network has not been undertaken.
NHS N3 Network
Are you connected to and operationally utilising the NHS N3 Network? If not have you considered connecting to the NHS N3 network and why was the decision made not to connect?
A trial of direct access to data held on the NHS N3 network has begun.
However, prior to approval to use the Government Connect Secure Extranet, arrangements were in place to share data with the NHS using encrypted file transfers. These arrangements remain in use and will continue to be used until service managers are satisfied that use of the Government Connect Secure Extranet does not present operational difficulties.
Please supply your latest N3 Connection assessment/audit report, blanking out any statements which could contravene a security concern from a third party reading it.
An audit of Manchester City Council's N3 connection has not been undertaken.
Do both schools and the Council share the same physical network responsible for voice and data communications?
Yes, schools and the City Council share the same physical network.
This information may be subject to copyright. Freedom of Information does not give you an automatic right to re-use this information in a way that would infringe copyright, for example, by publishing the information or making multiple copies.
Please note if you are not satisfied with this response you may ask for an internal review. If you wish to complain you should contact me in the first instance.
If you are not content with the outcome of the internal review, you have the right to apply directly to the Information Commissioner for a decision.
The Information Commissioner can be contacted at:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5F
Please remember to quote the reference number above in any future communications.
Yours sincerely,
S. Park
Steve Park
Chief Information Officer
Chief Executive's Department