FOI Request

Dave Schneider made this Freedom of Information request to North Yorkshire County Council

The request was successful.

From: Dave Schneider

18 August 2010

Sir/Madam,

I wish to make a request under the Freedom of Information Act. The
following questions and information I wish to have sent to me are
as follows:

Provide name, address and telephone number for the following
people:
• Senior Information Risk Owner
• Governance Manager
• Information Security Officer/Manager
• Information Technology Security Officer/Manager
• Caldicott Guardian

PCI-DSS
Does your organisation process electronic payment cards?
How much money is processed from electronic payment cards per
annum?
How many electronic payment card transactions are processed per
annum?
Are you PCI-DSS compliant?

ISO 27001
Are you or have you considered becoming ISO 27001 compliant or
certified?

Government Connect
Are you connected and operationally utilising the Government
Connect network? If not have you considered connecting to
Government Connect and why was the decision made not to connect?
Do you meet the Government Connect version three requirements?
Please supply your latest CLAS consultant annual Government Connect
assessment/audit report, blanking out any statements which could
contravene a security concern from a third party reading it.
Do you meet the Government Connect version four requirements?
Please supply the latest internal report for the Government Connect
version four Audit/Assessment, blanking out any statements which
could contravene a security concern from a third party reading it.

Criminal Justice Network
Are you connected to and operationally utilising the Criminal
Justice Network? If not have you considered connecting to the
Criminal Justice Network and why was the decision made not to
connect?
Please supply your latest annual assessment/audit report, blanking
out any statements which could contravene a security concern from a
third party reading it.

NHS N3 Network
Are you connected to and operationally utilising the NHS N3
Network? If not have you considered connecting to the NHS N3
network and why was the decision made not to connect?
Please supply your latest N3 Connection assessment/audit report,
blanking out any statements which could contravene a security
concern from a third party reading it.
Do both schools and the Council share the same physical network
responsible for voice and data communications?

Yours faithfully,

Dave Schneider


From: DataManagement Officer
North Yorkshire County Council

18 August 2010

Dear Mr Schneider

Thank you for your request for information under the Freedom Of Information Act 2000, of which we acknowledge receipt.

Your request has been passed to the appropriate officer to provide a response as soon as possible, and in any event within 20 working days, as required by the Act.

Kind regards

Paul Atkinson, for

Data Management Officer
North Yorkshire County Council
01609 533219 [email address]

Access your county council services online 24 hours a day, 7 days a week at www.northyorks.gov.uk.

WARNING

Any opinions or statements expressed in this e-mail are those of the individual and not necessarily those of North Yorkshire County Council.

This e-mail and any files transmitted with it are confidential and solely for the use of the intended recipient. If you receive this in error, please do not disclose any information to anyone, notify the sender at the above address and then destroy all copies.

North Yorkshire County Council’s computer systems and communications may be monitored to ensure effective operation of the system and for other lawful purposes. All GCSX traffic may be subject to recording and/or monitoring in accordance with relevant legislation.

Although we have endeavoured to ensure that this e-mail and any attachments are free from any virus we would advise you to take any necessary steps to ensure that they are actually virus free.

If you receive an automatic response stating that the recipient is away from the office and you wish to request information under either the Freedom of Information Act, the Data Protection Act or the Environmental Information Regulations please forward your request by e-mail to the Data Management Team ([North Yorkshire County Council request email]) who will process your request.

North Yorkshire County Council.


From: DataManagement Officer
North Yorkshire County Council

7 September 2010


Attachment: NYCC FOI Appeals.doc (4.6M)


Dear Mr Schneider,

I write further to your request for information dated 18 August 2010.
Please find below the Council’s response to your requests:

Provide name, address and telephone number for the following people:

● Senior Information Risk Owner

John Moore
Corporate Director Finance and Central Services
NYCC
County Hall
Northallerton
DL7 8AL
Tel: 01609 532114

● Governance Manager

Robert Beane
Information Governance Officer
Finance and Central Services
NYCC
County Hall
Northallerton
DL7 8AL
Tel: 01609 533219

● Information Security Officer/Manager &
● Information Technology Security Officer/Manager

Colin Cottrell
Information Technology Security Officer
Finance and Central Services
NYCC
County Hall
Northallerton
DL7 8AL
Tel: 01609 532020

● Caldicott Guardian

Adult Social Care

Sukhdev Dosanjh
Assistant Director Performance & Change Management
Adult & Community Services
NYCC
County Hall
Racecourse Lane
Northallerton
DL7 8DD
Tel: 01609 533274

Children’s Social Care

Sue Barker
Assistant Director Children's Social Care
Children and Young People’s Service
NYCC
County Hall
Racecourse Lane
Northallerton
DL7 8AE
Tel: 01609 533569

PCI-DSS

This response is based on our interpretation of what is meant by
"Electronic Card Payments." For the purposes of clarity: An electronic
payment which is made by a customer via a web browser for goods and
services using a credit or debit card (whether it be a personal or
commercial card). The response relates solely to the County Council.
Schools are responsible for their own governance and some NYCC schools
are part of an e-payments system which allows
parents/guardians/relatives to pay pupils' school dinner and trip fees.
This is provided by Parent-Pay. However some schools may have procured
their own system. If you require this information in relation to schools
I would suggest you contact the schools directly. A list of NYCC
schools’ contact details can be found in the list of establishments on
the Council’s website at
http://www.northyorks.gov.uk/index.aspx?....

Does your organisation process electronic payment cards?
North Yorkshire County Council currently accepts electronic card
payments from customers for a limited range of goods and services -
including payment of debtors invoices, musical instruments, library
fines, adult learning courses, Freedom of Information requests and Data
Protection requests.

How much money is processed from electronic payment cards per annum?
In 2009/10, North Yorkshire County Council processed £12,550 in
Electronic Payments. It is expected that the value of e-payments income
received in 2010/11 will grow exponentially, and should be at least
£100,000 per annum - please see part 3.

How many electronic payment card transactions are processed per annum?
During 2009/10 a very low volume of card payments were processed - less
than 100 per annum. However since July 2010/11, North Yorkshire County
Council has started to accept payment for payment of debtors invoices
and adult learning courses. This is likely to push the estimated volume
of e-payments per annum to in excess of 1,000 transactions based on
current activity in 2010/11. Furthermore the Council is seeking to allow
customers to pay for a wider range of goods and services provided in the
near future. This is likely to improve convenience for the public in
terms of paying for goods and services provided by the Council and as a
result it is anticipated in due course the volume of e-payments
transactions will increase further still.

Are you PCI-DSS compliant?
Yes, following an annual self-assessment. We are allowed to conduct a
self-assessment because we process less than 10,000 transactions per
annum and we are classed as a Level 4 Merchant. Furthermore Barclaycard
process the customer transactions on our behalf, and the Council does
not hold the financial data of e-payment customers.

ISO 27001

Are you or have you considered becoming ISO 27001 compliant or
certified?

The Council is currently in the process of certification to this
standard and would deem itself compliant.

Government Connect

Are you connected and operationally utilising the Government Connect
network? If not have you considered connecting to Government Connect and
why was the decision made not to connect?

Yes the Council is connected and using the functionality.

Do you meet the Government Connect version three requirements?
Please supply your latest CLAS consultant annual Government Connect
assessment/audit report, blanking out any statements which could
contravene a security concern from a third party reading it.

The Council does meet the requirements for Government Connect version
3.2. The Council does not hold a copy of the audit assessment, as the
Council did not commission a CLAS consultant to carry out an annual
Government Connect assessment or audit. The information that was
provided by the Council to siemens-enterprise for compliance to CoCo was
in a form of question and answers rather than an audit assessment.
However we are unable to disclose any details of these as the answers
could be used to enable our GCSx connection and systems to be accessed
illegally. This technical information requested is therefore exempt from
disclosure under Section 31(1)(a) of the Freedom of Information Act
2000, as disclosure is likely to prejudice the prevention or detection
of crime. This exemption is subject to the public interest test and
there is an overwhelming public interest in keeping the government
computer systems secure, including protecting personal data. As such the
Council believes the public interest lies in upholding the exemption
rather than disclosing the information you have requested at this time.
I enclose a copy of our appeals process, for your information.

Do you meet the Government Connect version four requirements?
Please supply the latest internal report for the Government Connect
version four Audit/Assessment, blanking out any statements which could
contravene a security concern from a third party reading it.

The Council does meet the requirements for Government Connect version
4.1. The Council does not hold a copy of the audit assessment, as the
Council did not commission a CLAS consultant to carry out an annual
Government Connect assessment or audit. However we are unable to
disclose any details of these as the answers could be used to enable our
GCSx connection and systems to be accessed illegally. This technical
information requested is therefore exempt from disclosure under Section
31(1)(a) of the Freedom of Information Act 2000, as disclosure is likely
to prejudice the prevention or detection of crime. This exemption is
subject to the public interest test and there is an overwhelming public
interest in keeping the government computer systems secure, including
protecting personal data. As such the Council believes the public
interest lies in upholding the exemption rather than disclosing the
information you have requested at this time. I enclose a copy of our
appeals process, for your information.

Criminal Justice Network

Are you connected to and operationally utilising the Criminal Justice
Network? If not have you considered connecting to the Criminal Justice
Network and why was the decision made not to connect?

The Council accesses and uses the Criminal Justice Network through GCSX.
GCSX is already securely connected to the Police National Network and
the Criminal Justice sector through the Public Sector Interconnect and
we therefore use this for secure information sharing between local
authorities, the Police and CJX users.

Please supply your latest annual assessment/audit report, blanking out
any statements which could contravene a security concern from a third
party reading it.

The Council does not hold any such annual assessment/audit report as
access to the Criminal Justice Network is gained through GCSX. Please
see the responses above in relation to Government Connect
audit/assessments.

NHS N3 Network

Are you connected to and operationally utilising the NHS N3 Network? If
not have you considered connecting to the NHS N3 network and why was the
decision made not to connect?

We do have connections to the NHS N3 network and we are utilising these
connections.

Please supply your latest N3 Connection assessment/audit report,
blanking out any statements which could contravene a security concern
from a third party reading it.

The connections to the N3 network are audited and assessments carried
out by the NHS, and the Council does not hold a copy. I suggest that you
contact them, and have provided contact details for you:
http://www.n3.nhs.uk/.

Do both schools and the Council share the same physical network
responsible for voice and data communications?

No.

Please find enclosed a copy of the Council’s appeals procedure for
your information.

Yours sincerely

Miriam Townsend, for

Data Management Officer
North Yorkshire County Council
01609 533219 [email address]


[ WhatDoTheyKnow note: The above text was badly encoded, and has had strange characters removed. ]
