FOI Request

Dear Mr Schneider

Freedom of Information Request: Reference 810002933

I acknowledge your request for information received on 18 August 2010.

This information request will be dealt with in accordance with the Freedom
of Information Act 2000 and we will send the response by 16 September.

Your request is being dealt with by The Corporate Resources Feedback
Team. The e-mail address for that team is
[email address] if you have any queries.

Yours sincerely,

S Dyos

Haringey Council

show quoted sections

David,

With respect to your recent request what do you mean by electronic payment
card? Do you just mean debit or credit cards?

PCI-DSS

Does your organisation process electronic payment cards?

How much money is processed from electronic payment cards per

annum?

How many electronic payment card transactions are processed per

annum?

Are you PCI-DSS compliant?

Ian Andrews

Head of Finance - SAP Financial Systems Team

Tel. 020 8489 2427 or mobile 07973 244189

Email. ian.andrews[1]@haringey.gov.uk

Think of the environment...please don't print this e-mail unless you
really need to.

This email and any files transmitted with it are confidential, may be
subject to legal privilege and are intended only for the person(s) or
organisation(s) to whom this email is addressed. Any unauthorised use,
retention, distribution, copying or disclosure is strictly prohibited. If
you have received this email in error, please notify the system
administrator at Haringey Council immediately and delete this e-mail from
your system. Although this e-mail and any attachments are believed to be
free of any virus or other defect which might affect any computer or
system into which they are received and opened, it is the responsibility
of the recipient to ensure they are virus free and no responsibility is
accepted for any loss or damage from receipt or use thereof. All
communications sent to or from external third party organisations may be
subject to recording and/or monitoring in accordance with relevant
legislation.

show quoted sections

References

Visible links
1. mailto:[email address]
mailto:[email address]
mailto:[email address]

David,

Can I have your response asap as I need to start work on the request:-

What do you mean by electronic payment cards?

Ian Andrews

Head of Finance - SAP Financial Systems Team

Tel. 020 8489 2427 or mobile 07973 244189

Email. ian.andrews[1]@haringey.gov.uk

Think of the environment...please don't print this e-mail unless you
really need to.

show quoted sections

Dear Mr Schneider,

Re: Freedom of Information Act Request ref: 810002933

Thank you for your request for information received on the 18^th August
2010 in which you asked for the following information (our responses are
shown in turquoise):

1. Provide, name, address and telephone number for the following
people:

Senior Information Risk Owner - Anne Woods, Audit and Risk Management,
Level 1, Alexandra House, 10 Station Road, Wood Green, London, N22 7TR,
020 8489 5973.

Governance Manager - The Chief Information Officer is Steve Cornell,
Quality Assurance and Training, Level 7, River Park House, 225 High Road,
Wood Green, London, N22 8HQ, 020 8489 1997.
Information Security Officer/Manager - James Harding, IT Services, Level
3, River Park House, 225 High Road, Wood Green, London, N22 8HQ, 020 8489
3112.
Information Technology Security Officer/Manager - James Harding, IT
Services, Level 3, River Park House, 225 High Road, Wood Green, London,
N22 8HQ, 020 8489 3112.
Caldicott Guardian - Lisa Redfern, Adult Services and Commissioning, 4^th
Floor, 40 Cumberland Road, Wood Green, London, N22 7SG, 020 8489 2326.

2. PCI-DSS

Does your organisation process electronic payment cards? Yes
How much money is processed from electronic payment cards per annum?
How many electronic payment card transactions are processed per annum?

Emails were sent to you on the 24^th and 27^th August 2010 by the Head of
Finance - SAP Financial Systems Team asking for further clarification. No
response has been received, therefore we are unable to provide an answer
to these questions.
Are you PCI-DSS compliant? - Haringey Council uses IT systems which are
PCI DSS compliant.

3. ISO 27001

Are you or have you considered becoming ISO 27001 compliant or certified?
- Haringey Council's IT Services are certified ISO 27001.

4. Government Connect

Are you connected and operationally utilising the Government Connect
network? - Yes.
If not have you considered connecting to Government Connect and why was
the decision made not to connect? - N/A
Do you meet the Government Connect version three requirements? - Haringey
Council is compliant with version 4.1 of the Government Connect Code of
Connection.
Please supply your latest CLAS consultant annual Government Connect
assessment/audit report, blanking out any statements which could
contravene a security concern from a third party reading it. - This
information is exempt from disclosure under Exemption 23 of the UK Freedom
of Information Act on the basis that CESG (who are part of GCHQ which is
listed in the Act) are the primary authors of the underlying document.
The resultant publication of this information on the Internet would merely
serve to identify those Local Authorities with, and those areas within
those Local Authorities, where there are security weaknesses and thereby
assist foreign intelligence agencies and other malicious parties. Its
disclosure would also result in the disclosure of the underlying GSi
Code of Connection and its controls for which CESG are the primary author
and have previously stated that it and its controls should NOT be
disclosed. This derived assessment report document is likewise withheld
from disclosure.
Do you meet the Government Connect version four requirements? Yes, as
above.

Please supply the latest internal report for the Government Connect
version four Audit/Assessment, blanking out any statements which could
contravene a security concern from a third party reading it. - This
information is exempt from disclosure under Exemption 23 of the UK Freedom
of Information Act on the basis that CESG (who are part of GCHQ which is
listed in the Act) are the primary authors of the underlying document.
The resultant publication of this information on the Internet would merely
serve to identify those Local Authorities with, and those areas within
those Local Authorities, where there are security weaknesses and thereby
assist foreign intelligence agencies and other malicious parties. Its
disclosure would also result in the disclosure of the underlying GSi
Code of Connection and its controls for which CESG are the primary author
and have previously stated that it and its controls should NOT be
disclosed. This derived assessment report document is likewise withheld
from disclosure.

5. Criminal Justice Network
Are you connected to and operationally utilising the Criminal Justice
Network? Haringey Council are only connected for the use of web mail.
If not have you considered connecting to the Criminal Justice Network and
why was the decision made not to connect? Haringey will be using GCSX for
all government connections in the future.
Please supply your latest annual assessment/audit report, blanking out any
statements which could contravene a security concern from a third party
reading it. N/A

6. NHS N3 Network

Are you connected to and operationally utilising the NHS N3 Network? -
No.
If not have you considered connecting to the NHS N3 network and why was
the decision made not to connect? - Yes. Haringey Council is working
toward compliance with the NHS Information Governance Toolkit, which will
allow N3 connectivity.
Please supply your latest N3 Connection assessment/audit report, blanking
out any statements which could contravene a security concern from a third
party reading it. - N/A
Do both schools and the Council share the same physical network
responsible for voice and data communications? - No

If you have any further queries, or are unhappy with how we have dealt
with your request and wish to make a complaint, please contact the
Feedback and Information Team as below.

Feedback and Information Team

River Park House

225 High Road

N22 8HQ

Telephone: 020 8489 2550

Fax: 020 8489 3992

Email: [email address]

LINDA ROBINSON ~ Senior Business Support Officer

Email: [email address]

Telephone: 020 8489 1921

Address: IT Services ~ Level 3 ~ River Park House ~ 225 High Road ~ Wood
Green ~ London ~ N22 8HQ

show quoted sections