FOI Request

Dave Schneider made this Freedom of Information request to Newcastle upon Tyne City Council

The request is waiting for clarification.

From: Dave Schneider

18 August 2010

Sir/Madam,

I wish to make a request under the Freedom of Information Act. The
following questions and information I wish to have sent to me are
as follows:

Provide name, address and telephone number for the following
people:
• Senior Information Risk Owner
• Governance Manager
• Information Security Officer/Manager
• Information Technology Security Officer/Manager
• Caldicott Guardian

PCI-DSS
Does your organisation process electronic payment cards?
How much money is processed from electronic payment cards per
annum?
How many electronic payment card transactions are processed per
annum?
Are you PCI-DSS compliant?

ISO 27001
Are you or have you considered becoming ISO 27001 compliant or
certified?

Government Connect
Are you connected and operationally utilising the Government
Connect network? If not have you considered connecting to
Government Connect and why was the decision made not to connect?
Do you meet the Government Connect version three requirements?
Please supply your latest CLAS consultant annual Government Connect
assessment/audit report, blanking out any statements which could
contravene a security concern from a third party reading it.
Do you meet the Government Connect version four requirements?
Please supply the latest internal report for the Government Connect
version four Audit/Assessment, blanking out any statements which
could contravene a security concern from a third party reading it.

Criminal Justice Network
Are you connected to and operationally utilising the Criminal
Justice Network? If not have you considered connecting to the
Criminal Justice Network and why was the decision made not to
connect?
Please supply your latest annual assessment/audit report, blanking
out any statements which could contravene a security concern from a
third party reading it.

NHS N3 Network
Are you connected to and operationally utilising the NHS N3
Network? If not have you considered connecting to the NHS N3
network and why was the decision made not to connect?
Please supply your latest N3 Connection assessment/audit report,
blanking out any statements which could contravene a security
concern from a third party reading it.
Do both schools and the Council share the same physical network
responsible for voice and data communications?

Yours faithfully,

Dave Schneider


From: Gov, Freedomofinformation@Newcastle
Newcastle upon Tyne City Council

18 August 2010

RFI - 2643

Thank you for your request for information received on 18th August 2010.
I am dealing with it under the terms of the Freedom of Information Act
2000. I have passed your request to relevant colleagues, and we will
respond to your request within 20 working days of receipt.

Regards,

Gemma

Gemma Snowball
Senior Admin Assistant
Chief Executive's Office
Corporate Services
0191 211 6574 / x26574


From: Gov, Freedomofinformation@Newcastle
Newcastle upon Tyne City Council

18 August 2010

Hello Dave,

Thanks for your request. We're working on pulling this all together for
you, but we just have a couple of questions to clarify what you're
asking for.

By 'Governance Manager', are you talking specifically about the area of
Information Governance, or more generally about Corporate Governance?

When you talk about 'electronic payment card transactions', do you mean
any transactions carried out using payment cards (whether in person,
over the telephone or over the internet), or are you referring
specifically to transactions that are carried out electronically, over
the internet?

Thanks,

Peter Dinsdale
Information Governance Officer (FOI & Data Protection)
0191 277 7038 ext 27038


From: Dave Schneider

18 August 2010

Dear Peter Dinsdale,

I'm asking for the contact details of the person who would manage
information governance. However, in some cases that is the person
responsible for Corporate Governance. The former is preferable
unless that post does not exist, otherwise the latter is fine thank
you.

Yours sincerely,

Dave Schneider


From: Gov, Freedomofinformation@Newcastle
Newcastle upon Tyne City Council

21 September 2010

Dear Mr Schneider,

Thank you for your request for information received on 18 August 2010. The information you require is as follows.

Senior Information Risk Owner / Manager of Information Governance:
Richard Elliott
Head of Strategy, Planning and Performance
Civic Centre
Newcastle upon Tyne
NE99 2BN
Tel: 0191 277 7669

Information Security Manager / IT Security Manager:
Graeme Doneathy
ICT Information Security Manager
Civic Centre
Newcastle upon Tyne
NE99 2BN
Tel: 0191 211 6411

Caldicott Guardian:
Cathy Bull
Head of Adult Services
Civic Centre
Newcastle upon Tyne
NE99 2BN
Tel: 0191 211 6318

PCI-DSS
Does your organisation process electronic payment cards?
- Yes

How much money is processed from electronic payment cards per annum?
- £15,661,369.69 (figure for last financial year)

How many electronic payment card transactions are processed per annum?
- 145,214 (figure for last financial year)

Are you PCI-DSS compliant?
- Yes

ISO 27001
Are you or have you considered becoming ISO 27001 compliant or certified?
- We have considered ISO27001 but at present we are not certified

GOVERNMENT CONNECT
Are you connected and operationally utilising the Government Connect network?
- Yes

If not have you considered connecting to Government Connect and why was the decision made not to connect?
- N/A

Do you meet the Government Connect version three requirements?
- Yes

Please supply your latest CLAS consultant annual Government Connect assessment/audit report, blanking out any statements which could contravene a security concern from a third party reading it.
- This information is refused as I am advised that the whole document is classed as 'restricted'. As you recognise in your question, disclosure of this information would be likely to create a risk to the security of our systems. This would prejudice our ability to prevent or detect crime, i.e. to prevent attempts to access our systems illegally. The information is therefore exempt from disclosure under section 31(1)(a) of the FOI Act. This exemption requires consideration of the public interest test. While we can recognise that there is a public interest in transparency over the security of our systems, we believe that this is met through the independent auditing of these systems to ensure that we meet the requirements for Government Connect. We therefore feel that the public interest in maintaining the security of our systems outweighs the public interest in disclosure of the information in this case, and the exemption is engaged.

Do you meet the Government Connect version four requirements?
- We have not been audited on version 4.

Please supply the latest internal report for the Government Connect version four Audit/Assessment, blanking out any statements which could contravene a security concern from a third party reading it.
- N/A

CRIMINAL JUSTICE NETWORK
Are you connected to and operationally utilising the Criminal Justice Network?
- No

If not have you considered connecting to the Criminal Justice Network and why was the decision made not to connect?
- N/A

Please supply your latest annual assessment/audit report, blanking out any statements which could contravene a security concern from a third party reading it.
- N/A

NHS N3 NETWORK
Are you connected to and operationally utilising the NHS N3 Network?
- Yes

If not have you considered connecting to the NHS N3 network and why was the decision made not to connect?
- N/A

Please supply your latest N3 Connection assessment/audit report, blanking out any statements which could contravene a security concern from a third party reading it.
- Not held

Do both schools and the Council share the same physical network responsible for voice and data communications?
- No

If you are unhappy with our response to your request you can ask for an internal review of our decision. Please send details of your request for review to the following address:

Information Governance Coordinator
Chief Executive's Directorate
Civic Centre
Barras Bridge
Newcastle upon Tyne
NE99 2BN
Telephone: 0191 277 7666
E-mail: [Newcastle upon Tyne City Council request email]

If you are still unhappy with how we have handled your request following our internal review you can complain to the Information Commissioner. Contact details are as follows:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113
E-mail: [email address]

Regards,

Peter Dinsdale
Information Governance Officer (FOI & Data Protection)
0191 277 7038 ext 27038


From: Dave Schneider

22 September 2010

Dear Gov, Freedomofinformation@Newcastle,

Sorry for the delay in getting back to you.

I am referring to the information governance manager, who could
also fulfill the role of Borough Solicitor as it's a very senior
role.

Electronic payment cards refers to anyone making a payment using a
credit or debit card over the telephone, in person or via the
internet.

Yours sincerely,

Dave Schneider
