Follow this request

There is 1 person following this request

Follow
RSS feed of updates

Offensive? Unsuitable?

Requests for personal information and vexatious requests are not considered valid for FOI purposes (read more).

If you believe this request is not suitable, you can report it for attention by the site administrators

Report this request

Act on what you've learnt

twitter icon Tweet this request
Start your own blog
Get help investigating
Write to your politician
Pledge with others

Similar requests

FOI Request

To East Hampshire District Council by Dave Schneider 18 August 2010

FOI Request

To Mid Suffolk District Council by Dave Schneider 18 August 2010

FOI Request

To Suffolk County Council by Dave Schneider 18 August 2010

MIDAS Contract Documents

To National Policing Improvement Agency by Alex Brown 12 July 2010

Audit Committee Meeting Papers

To Electoral Commission by Helen Cross 28 March 2012

Child Safety on the Internet

To Surrey County Council by Mrs Fitzsimons 22 October 2009

Uncensored version of "'Site Blocking' to reduce online copyright infringement

To Office of Communications by TJ McIntyre 3 August 2011

Cost to schools of ICT services provided by the local authority

To Luton Borough Council by S Hill 17 May 2011

Threatening words from torturer's solicitors

To Scottish Government by David Hansen 23 March 2009

Public sector flex Intelligent Customer Function minutes

To Cabinet Office by Janine Baker 17 March 2009

More similar requests

Event history details

Are you the owner of any commercial copyright on this page?

Audit Commission Firewall;

P. John made this Freedom of Information request to Audit Commission

The request was partially successful.

From: P. John

11 October 2011

Dear Audit Commission,

the Audit Commission firewall
85.158.137.99/fw2.audit-commission.gov.uk is hosted on a
Messagelabs network in Frankfurt (*).

Much as I like Germany, I'm surprised to learn that UK Government
communications would be routed via a firewall provided by an
overseas service provider.

Please could you disclose any network security advice given to the
Audit Commission by the UK Government's National Technical
Authority for Information Assurance - CESG - concerning the
security of the Audit Commission firewall.

Yours faithfully,

P. John

(*) See
http://www.robtex.com/dns/fw2.audit-comm...

Link to this

From: P. John

11 October 2011

Dear Audit Commission,

I'm sorry, let me revise that request to be more technically
accurate.

The Audit Commission firewall
193.195.187.202/fw2.audit-commission.gov.uk is hosted on a Demon
Internet IP address in the UK (*).

The MX records for the audit-commission.gov.uk domain are handled
by various Message Labs servers in Germany, the Netherlands, and
the UK.

Much as I like Germany/Netherlands, I'm surprised to learn that UK
Government communications would be routed via a mail server
provided by an overseas service provider.

Please could you disclose any network security advice given to the
Audit Commission by the UK Government's National Technical
Authority for Information Assurance - CESG - concerning the
security of the Audit Commission email system and MX handling.

Yours faithfully,

P. John

(*)http://www.robtex.com/dns/audit-commissi...

Link to this

From: Freedom of Information
Audit Commission

13 October 2011

Dear Mr John, thank you for your request.

This has been logged as reference RFI 1440. We're now looking for the information you've asked for and will respond as soon as we can. Under the Freedom of Information Act, we must respond no later than 8 November.

Yours sincerely

Rob Mauler
Public Enquiries

show quoted sections

Link to this

From: Diane Skinner
Audit Commission

18 October 2011

Dear Mr John
 
Thank you for request for information of 11 October 2011.
Your request was:
Please could you disclose any network security advice given to the Audit
Commission by the UK Government's National Technical Authority for
Information Assurance - CESG - concerning the security of the Audit
Commission email system and MX handling.
In response to your request I can tell you that we do not hold any network
security advice from CESG regarding the email system. By way of
explanation I would make the following points:

* The Commission does not form part of the national critical
infrastructure and would not normally receive direct advice from CESG.
Internal email and data for confidential business applications are not
routed via MessageLabs.
* Only external internet mail is routed through MessageLabs. Our policy
is that sensitive information (either personal data or protective
marked information) should not be sent over the internet as it is
insecure. In those exceptional circumstances where the only route for
sensitive information is by external internet email the information
should be encrypted. So, in short, no sensitive material should be
readable by the MessageLabs servers.
* We use MessageLabs to screen our internet traffic and they provide
routing to do this to data centres across the EU to improve resilience
and reliability. Given that these emails don’t contain sensitive
information we do not see any issue with this.
* We would also note that we probably would not have grounds to refuse a
supplier operating within the EU, on data privacy grounds, under EU
procurement law.

I hope this resolves your enquiry; however, if you are unhappy with this
response, or the way your request has been handled, you can raise a
complaint under the Audit Commission's Access to Information Complaints
Procedure. Please find it via this link:
[1]http://www.audit-commission.gov.uk/legal...
 
 
Yours sincerely
 
 
Diane Skinner
 
 
Diane Skinner
Information Standards and Quality Manager
[2]Information Management
Corporate Services ([3]Business Information Services)
 
Audit Commission
Westward House
Lime Kiln Close
Stoke Gifford
Bristol BS34 8SR
 
Direct Dial:     + 44 (0) 844 798 6262
E-Mail:         [4][email address]
 
For Freedom of Information (FOI) requests please email
[5][Audit Commission request email]
Please consider the environment before printing this email and associated
attachments
 
 
 
 
 
 

show quoted sections

Link to this

From: P. John

19 October 2011

Dear Ms Skinner,

many thanks for your response.

It surprises me that the Audit Commission wouldn't choose to
process email internally, in the UK, for maximum security (given
that presumably some of your incoming email correspondence might be
considered sensitive/confidential to the originator, if not the
Audit Commission).

But thank you.

Yours sincerely,

P. John

Link to this

Things to do with this request

Anyone:
Audit Commission only: