Q.1 Contact details

Provide, name, address and telephone number for the following people:

Postal address for all the managers listed below is:

Norfolk County Council

County Hall
Martineau Lane
Norwich
Norfolk
NR1 2DH

Senior Information Risk Owner:

Paul Adams, Director of Resources

[email address]

01603 222635

Governance Manager:

Paul Adams, as above

Information Security Officer/Manager:

Karen O'Kane, Head of ICT

[email address]

01603 222100

Information Technology Security Officer/Manager:

Karen O'Kane, as above

Caldecott Guardian

There are two in this authority, as follows:

1) Children's Services:

Mick Sabec, Head of Business Support

[email address]

01603 223499

2) Communities: Adult Social Care

Catherine Underwood, Director of Commissioning, Community Health & Care

[email address]

01603 222179

Q.2 PCI-DSS

Does your organisation process electronic payment cards?

Yes

How much money is processed from electronic payment cards per

annum?

The value of money collected by payment card (debit, credit and Maestro) is £9.2M per annum

How many electronic payment card transactions are processed per

annum?

The number of card transactions processed per annum is 114,100

Are you PCI-DSS compliant?

Yes

Q.3 ISO 27001

Are you or have you considered becoming ISO 27001 compliant or certified?

ISO 27001 informs our Information Management policies and procedures. Certification has been considered, but not pursued.

Q.4 Government Connect

Are you connected and operationally utilising the Government Connect network?

Yes

If not have you considered connecting to Government Connect and why was the decision made not to connect?

Not applicable in light of response above.

Do you meet the Government Connect version three requirements?

Yes.

Please supply your latest CLAS consultant annual Government Connect assessment/audit report, blanking out any statements which could contravene a security concern from a third party reading it.

Copy of assessor's notification attached. This is the extent of what we hold in respect of the assessment reporting process. Note our request for clarification regarding this.

Do you meet the Government Connect version four requirements?

Yes.

Please supply the latest internal report for the Government Connect version four

Audit/Assessment, blanking out any statements which could contravene a security concern from a third party reading it.

Information not held. We have not produced an internal report. Note our request for clarification regarding this.

Q.5 Criminal Justice Network

Are you connected to and operationally utilising the Criminal Justice Network?

Yes. We have been using Criminal Justice Secure E-mail (CJSM) for several years, as mandated by the Youth Justice Board. We have also been utilising a secure Connection installed to all Youth Offending Teams under the Wiring Up Youth Justice Programme that closed on 31 Mar 10, as part of their “Connectivity” project for the last 2 to 3 years that allows the secure transmission of data to the Youth Justice Board.

If not have you considered connecting to the Criminal Justice Network and why was the decision made not to connect?

Not applicable in light of above response

Please supply your latest annual assessment/audit report, blanking out any statements which could contravene a security concern from a third party reading it.

Information not held.

Q.6 NHS N3 Network

Are you connected to and operationally utilising the NHS N3 Network?

Yes

If not have you considered connecting to the NHS N3 network and why was the decision made not to connect?

Not applicable in light of above response

Please supply your latest N3 Connection assessment/audit report, blanking out any statements which could contravene a security concern from a third party reading it.

Information not held

Q.7 Schools

Do both schools and the Council share the same physical network responsible for voice and data communications?

Yes