This is an HTML version of an attachment to the Freedom of Information request 'FOI Request'.

Dear Mr Schneider,

Freedom of Information Request - Various Information Request

Thank you for your Freedom of Information request dated 18th August.

Please find below the response to your Freedom of Information Request.

Provide name, address and telephone number for the following people:

• SIRO - Stuart Kellas, Executive Director of Finance

• Governance Manager - Sue Phelps, Head of Governance Services

• Information Security Officer/Manager - No direct position

• Information Technology Security Officer/Manager - No direct position

• Caldecott Guardian - Herminder Kullar - Adult & Community Services


All Officers can be contacted through the main Council Contact Centre on 0845 358 2200.

PCI-DSS - Our responses to these questions are in regards to credit/debit card payments.

1. Does your organisation process electronic payment cards?

Yes, the Council does process specific card payments as authorised by our card services supplier

2. How much money is processed from electronic payment cards per annum?

Last financial year the Council processed £20,139,913.00 by card

3. How many electronic payment card transactions are processed per annum?

Last financial year the Council processed 156,578 card transactions

4. Are you PCI-DSS compliant?

There is a current project working towards compliance to Level 3 PCI standard. We are aiming for compliance by March 2011.

ISO 27001

1. Are you or have you considered becoming ISO 27001 compliant or certified?

No, the Authority is not ISO 27001 certified. All security policies are developed in line with ISO 27001 in anticipation of any such time this does take place.

Government Connect

1. Are you connected and operationally utilising the Government Connect network? If not have you considered connecting to Government Connect and why was the decision made not to connect?

Yes - since 2009.

2. Do you meet the Government Connect version three requirements?

Yes - our Code of Connection at v3.2 was approved to permit our connection in 2009.

3. Please supply your latest CLAS consultant annual Government Connect assessment/audit report, blanking out any statements which could contravene a security concern from a third party reading it.

This information is exempt from disclosure and the Council considers that the following exemption to disclosure is relevant:

Section 31(1)(a) - Where disclosure would prejudice the prevention and detection of crime because disclosing details of our security arrangements other than to authorised organisations would prejudice the security of the Council's network and potentially leave it vulnerable to hacking.

This exemption is subject to a public interest test and the Council is of the opinion that the public interest in protecting the integrity of the Council's network outweighs the benefits of disclosure in this particular case.

The Council has considered whether it would be possible to redact the information in question, but considers that the level of redaction required would render the information useless in this case.

4. Do you meet the Government Connect version four requirements?

Yes - our Code of Connection at v4.1 was approved to permit our connection in 2010.

5. Please supply the latest internal report for the Government Connect version four Audit/Assessment, blanking out any statements which could contravene a security concern from a third party reading it.

Please see the Council's response to question 3 above.

Criminal Justice Network

1. Are you connected to and operationally utilising the Criminal Justice Network? If not have you considered connecting to the Criminal Justice Network and why was the decision made not to connect?

The Council does have a connection to the Criminal Justice Secure eMail (CJSM)

2. Please supply your latest annual assessment/audit report, blanking out any statements which could contravene a security concern from a third party reading it.

There is no CLAS security report as the Council has not yet been required to produce one.

NHS N3 Network

1. Are you connected to and operationally utilising the NHS N3 Network? If not have you considered connecting to the NHS N3 network and why was the decision made not to connect?

No, we are not connected but are actively looking at this as a result of the project to permit connection via GCSx.

2. Please supply your latest N3 Connection assessment/audit report, blanking out any statements which could contravene a security concern from a third party reading it.

N/A - not connected.

3. Do both schools and the Council share the same physical network responsible for voice and data communications?

These networks are physically separate.

If you are dissatisfied with the handling of your request, you have the right to ask for an internal review. Internal review requests should be submitted within two months of the date of receipt of the response to your request, and should be addressed to:

Service Insight Team

Sandwell Council House

Freeth Street

Oldbury

West Midlands

B69 3DE

Email - [email address]

If you are not content with the outcome of an internal review, you have the right to apply directly to the Information Commissioner for a decision. The Information Commissioner can be contacted at:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF

Please remember to quote the reference number above in any future communications.

Yours sincerely

Angela Goddard

Data Protection/Freedom of Information Assistant

Sandwell Metropolitan Borough Council

SANDWELL METROPOLITAN BOROUGH COUNCIL

Sandwell Council House

Oldbury

Sandwell

West Midlands

B69 3DE

Telephone 0121 569 3194

Facsimile 0121 569 3182

Email: angela_goddard@sandwell.gov.uk

Web: sandwell.gov.uk

Our Ref: ENQ-

Your Ref:

Date: 14th September 2010