FOI Request

Dear Mr Schneider

We have a clarification on your FOI request sent to councils recently.

Under PCI-DSS you have requested information regarding electronic payment
cards. We were wondering what you meant by that. Are you defining
electronic payments made using credit and debit cards as 'electronic
payment cards' or do you mean specific electronic payment card systems?

I look forward to hearing from you in due course.

Kind regards

Simon Turner
Shared IT Operations Manager

HR, IT & Customer Services
Tel: 01491 823921 (South) 01235 540476 (Vale) 07801 203504 (mobile)
Email: [1][email address]

>>> Dave Schneider <[FOI #45290 email]> 18/08/2010
14:27 >>>
Sir/Madam,

I wish to make a request under the Freedom of Information Act. The
following questions and information I wish to have sent to me are
as follows:

Provide, name, address and telephone number for the following
people:
• Senior Information Risk Owner
• Governance Manager
• Information Security Officer/Manager
• Information Technology Security Officer/Manager
• Caldecott Guardian

PCI-DSS
Does your organisation process electronic payment cards?
How much money is processed from electronic payment cards per
annum?
How many electronic payment card transactions are processed per
annum?
Are you PCI-DSS compliant?

ISO 27001
Are you or have you considered becoming ISO 27001 compliant or
certified?

Government Connect
Are you connected and operationally utilising the Government
Connect network? If not have you considered connecting to
Government Connect and why was the decision made not to connect?
Do you meet the Government Connect version three requirements?
Please supply your latest CLAS consultant annual Government Connect
assessment/audit report, blanking out any statements which could
contravene a security concern from a third party reading it.
Do you meet the Government Connect version four requirements?
Please supply the latest internal report for the Government Connect
version four Audit/Assessment, blanking out any statements which
could contravene a security concern from a third party reading it.

Criminal Justice Network
Are you connected to and operationally utilising the Criminal
Justice Network? If not have you considered connecting to the
Criminal Justice Network and why was the decision made not to
connect?
Please supply your latest annual assessment/audit report, blanking
out any statements which could contravene a security concern from a
third party reading it.

NHS N3 Network
Are you connected to and operationally utilising the NHS N3
Network? If not have you considered connecting to the NHS N3
network and why was the decision made not to connect?
Please supply your latest N3 Connection assessment/audit report,
blanking out any statements which could contravene a security
concern from a third party reading it.
Do both schools and the Council share the same physical network
responsible for voice and data communications?

Yours faithfully,

Dave Schneider

show quoted sections

Dear Mr Schneider

Herewith the responses to your FOI Request for Vale of the White Horse
District Council:

Provide, name, address and telephone number for the following
people:
• Senior Information Risk Owner - Steve Bishop, Strategic Director.
Abbey House, Abbey Close, Abingdon. OX14 3JE. 01235 540332
• Governance Manager - No post Identified.
• Information Security Officer/Manager - Stuart Thompson, IT
Security Manager. Abbey House, Abbey Close, Abingdon. OX14 3JE 01235 540335
• Information Technology Security Officer/Manager - Stuart Thompson,
IT Security Manager. Abbey House, Abbey Close, Abingdon. OX14 3JE 01235
540335
• Caldecott Guardian - No post identified

PCI-DSS
Does your organisation process electronic payment cards? Pending
clarification from Mr Schneider on what is meant by electronic payment
cards.
How much money is processed from electronic payment cards per
annum? Pending clarification from Mr Schneider on what is meant by
electronic payment cards.

How many electronic payment card transactions are processed per
annum? Pending clarification from Mr Schneider on what is meant by
electronic payment cards.

Are you PCI-DSS compliant? Yes.

ISO 27001
Are you or have you considered becoming ISO 27001 compliant or
certified? No

Government Connect
Are you connected and operationally utilising the Government
Connect network? Yes
If not have you considered connecting to
Government Connect and why was the decision made not to connect?
Do you meet the Government Connect version three requirements? Yes
Please supply your latest CLAS consultant annual Government Connect
assessment/audit report, blanking out any statements which could
contravene a security concern from a third party reading it.

Exemption 24 applies to this response.
Disclosure of this information would enable infiltration into the
council's network and would provide a staging post to attack this or other
UK Government ICT.

Do you meet the Government Connect version four requirements? Yes
Please supply the latest internal report for the Government Connect
version four Audit/Assessment, blanking out any statements which
could contravene a security concern from a third party reading it.

Exemption 23 applies to this response.
This information is exempt from disclosure under the Freedom of
Information Act 2000 (FOIA) and may be exempt under other UK information
legislation. Refer any FOIA queries to GCHQ on 01242 221491 ext: 30306
or email [1][email address]

Criminal Justice Network
Are you connected to and operationally utilising the Criminal
Justice Network? Not Applicable
If not have you considered connecting to the
Criminal Justice Network and why was the decision made not to
connect?
Please supply your latest annual assessment/audit report, blanking
out any statements which could contravene a security concern from a
third party reading it.

NHS N3 Network
Are you connected to and operationally utilising the NHS N3
Network? Not Applicable
If not have you considered connecting to the NHS N3
network and why was the decision made not to connect?
Please supply your latest N3 Connection assessment/audit report,
blanking out any statements which could contravene a security
concern from a third party reading it.
Do both schools and the Council share the same physical network
responsible for voice and data communications? Not applicable.

If you are not satisfied with our response to your request you have the
right to complain to the council. Details of our complaints procedure are
on the web site
at [2]http://www.whitehorsedc.gov.uk/website/h....
If you remain dissatisfied, you may appeal to the Information Commissioner,
whose address is Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.
Kind Regards

Simon Turner
Shared IT Operations Manager
South Oxfordshire District Council and Vale of White Horse District Council
Tel: 01491 823921 (South) 01235 540476 (Vale) 07801 203504 (Mobile)

>>> Dave Schneider <[FOI #45290 email]> 18/08/2010
14:27 >>>
Sir/Madam,

I wish to make a request under the Freedom of Information Act. The
following questions and information I wish to have sent to me are
as follows:

Provide, name, address and telephone number for the following
people:
• Senior Information Risk Owner
• Governance Manager
• Information Security Officer/Manager
• Information Technology Security Officer/Manager
• Caldecott Guardian

PCI-DSS
Does your organisation process electronic payment cards?
How much money is processed from electronic payment cards per
annum?
How many electronic payment card transactions are processed per
annum?
Are you PCI-DSS compliant?

ISO 27001
Are you or have you considered becoming ISO 27001 compliant or
certified?

Government Connect
Are you connected and operationally utilising the Government
Connect network? If not have you considered connecting to
Government Connect and why was the decision made not to connect?
Do you meet the Government Connect version three requirements?
Please supply your latest CLAS consultant annual Government Connect
assessment/audit report, blanking out any statements which could
contravene a security concern from a third party reading it.
Do you meet the Government Connect version four requirements?
Please supply the latest internal report for the Government Connect
version four Audit/Assessment, blanking out any statements which
could contravene a security concern from a third party reading it.

Criminal Justice Network
Are you connected to and operationally utilising the Criminal
Justice Network? If not have you considered connecting to the
Criminal Justice Network and why was the decision made not to
connect?
Please supply your latest annual assessment/audit report, blanking
out any statements which could contravene a security concern from a
third party reading it.

NHS N3 Network
Are you connected to and operationally utilising the NHS N3
Network? If not have you considered connecting to the NHS N3
network and why was the decision made not to connect?
Please supply your latest N3 Connection assessment/audit report,
blanking out any statements which could contravene a security
concern from a third party reading it.
Do both schools and the Council share the same physical network
responsible for voice and data communications?

Yours faithfully,

Dave Schneider

show quoted sections