Security Audit of coi.gov.uk
A Freedom of Information request to Central Office of Information by Richard Jackson
Currently overdue a response from Central Office of Information. By law, the response had to be prompt but no later than 11 September 2008. They are 120 days late, you can complain by requesting an internal review.
Richard Jackson
13 August 2008
Dear Sir or Madam,
In the .gov.uk Naming and Approvals Committee Minutes of 26th
September 2007 reference is made to a security audit of coi.gov.uk
Can you please provide a copy of that audit (and, should it not be
obvious from the audit report, details of who conducted it), and
details of any decisions made by COI in response to it.
If there have been any further audits commissioned or conducted
since then, please also provide similar information in relation to
them.
Yours faithfully,
Richard
FOI Officer
Central Office of Information
11 September 2008
Good afternoon Richard
Please see the attached.
Regards
Glynn
Glynn Morgan
FOI Officer
Central Office of Information
Hercules House
Hercules Road
London
SE1 7DU
Tel 020 7928-2345
Fax 020 7928 5037
"This communication is confidential and copyright. Anyone coming into unauthorised possession of it should disregard its content and erase it from their records."
This communication is confidential and copyright.
Anyone coming into unauthorised possession of it should disregard its content and erase it from their records.
The original of this email was scanned for viruses by Government Secure Intranet (GSi) virus scanning service supplied exclusively by Cable & Wireless in partnership with MessageLabs.
On leaving the GSI this email was certified virus free.
The MessageLabs Anti Virus Service is the first managed service to achieve the CSIA Claims Tested Mark (CCTM Certificate Number 2006/04/0007), the UK Government quality mark initiative for information security products and services. For more information about this please visit www.cctmark.gov.uk
Richard Jackson
21 September 2008
Dear Glynn,
Please take this as a request for an internal review of this
decision. You say in your response that I should contact Emma
Lochhead in that regard, but you have provided no details on how to
do that, so I would be grateful if you could forward this on.
I would note that the security audit in question is almost a year
old now, and that there would be a reasonable expectation that any
problems identified by it should be fixed by now. If, for some
reason, a decision was made to ignore some potential problems and
rely on security through obscurity, then it would be slightly more
understandable for those portions to be withheld or redacted, but I
do not believe it is appropriate to refuse to release _all_
information requested (including details of by whom the audit was
carried out).
Yours sincerely,
Richard
Richard Jackson
8 November 2008
Dear Sir or Madam,
My request for internal review made on 21nd September in relation
to my FOI request 'Security Audit of coi.gov.uk' has still received
no response. I would note that ICO guidance states that such
requests should normally be handled in 20 working days, and should
never take more than 40.
Please advise on the expected date when I should receive a
response.
A full history of my original request and all correspondence is
available on the Internet at this address:
http://www.whatdotheyknow.com/request/se...
Yours sincerely,
Richard Jackson
Richard Jackson
5 December 2008
Dear Sir or Madam,
It is now well over two months since I requested an internal review
of my request relating to the Security Audit of coi.gov.uk and I
have still heard nothing. Unless I receive an update in the next
week I will have little option but to direct this matter to the
ICO.
A full history of my FOI request and all correspondence is
available on the Internet at this address:
http://www.whatdotheyknow.com/request/se...
Yours sincerely,
Richard Jackson
FOI Officer
Central Office of Information
11 December 2008
Good morning Richard
Thank you for your email. Please see the attached sent in response to your email of 8th November.
If you have any queries please do not hesitate to contact me.
Kind regards
Glynn
Glynn Morgan
FOI Officer
Central Office of Information
Hercules House
Hercules Road
London
SE1 7DU
Tel 020 7928-2345
Fax 020 7928 5037
"This communication is confidential and copyright. Anyone coming into unauthorised possession of it should disregard its content and erase it from their records."
This communication is confidential and copyright.
Anyone coming into unauthorised possession of it should disregard its content and erase it from their records.
The original of this email was scanned for viruses by Government Secure Intranet (GSi) virus scanning service supplied exclusively by Cable & Wireless in partnership with MessageLabs.
On leaving the GSI this email was certified virus free.
The MessageLabs Anti Virus Service is the first managed service to achieve the CSIA Claims Tested Mark (CCTM Certificate Number 2006/04/0007), the UK Government quality mark initiative for information security products and services. For more information about this please visit www.cctmark.gov.uk
Richard Jackson
11 December 2008
Dear Emma,
RE: 10485428
Thank you for this response.
I am slightly confused as to your point re: providing a redacted
copy of the audit. Are you saying that your internal review has
decided that COI were correct in withholding some material, but
mistaken in not proving a redacted copy?
I am also a little surprised that you did not just attach the
redacted copy to your response, but I would be grateful if you
would send that.
Yours sincerely,
Richard Jackson
FOI Officer
Central Office of Information
11 December 2008
Richard
I will arrange for a copy to sent.
Kind regards
Glynn
Glynn Morgan
FOI Officer
Central Office of Information
Hercules House
Hercules Road
London
SE1 7DU
Tel 020 7928-2345
Fax 020 7928 5037
"This communication is confidential and copyright. Anyone coming into unauthorised possession of it should disregard its content and erase it from their records."
This communication is confidential and copyright.
Anyone coming into unauthorised possession of it should disregard its content and erase it from their records.
The original of this email was scanned for viruses by Government Secure Intranet (GSi) virus scanning service supplied exclusively by Cable & Wireless in partnership with MessageLabs.
On leaving the GSI this email was certified virus free.
The MessageLabs Anti Virus Service is the first managed service to achieve the CSIA Claims Tested Mark (CCTM Certificate Number 2006/04/0007), the UK Government quality mark initiative for information security products and services. For more information about this please visit www.cctmark.gov.uk
Public Sector Forums left an annotation (12 December 2008)
I think you would have a case to take this to the ICO.
Apart from breaching the statutory timescales for review, to say that for the exemption in section 33 of the FOI Act to apply, the Department needs to demonstrate that:
(a) disclosure is likely to prejudice the authority's auditing functions; and
(b) the public interest in avoiding that prejudice is greater than the public interest in disclosing the information concerned.
I don't think simply saying 'for the reasons as previously stated and I do not believe its release would be in the public interest' satisifies that requirement. Even more strange that they didn't provide the redacted version with the response.
Things to do with this request
Add an annotation (to help the requester or others)
Richard Jackson only:
Reply to FOI Officer
|
Request an internal review
Central Office of Information only:
Respond to request






Public Sector Forums left an annotation (16 September 2008)
Link to this