Dear Sir or Madam,

In the .gov.uk Naming and Approvals Committee Minutes of 26th
September 2007 reference is made to a security audit of coi.gov.uk

Can you please provide a copy of that audit (and, should it not be
obvious from the audit report, details of who conducted it), and
details of any decisions made by COI in response to it.

If there have been any further audits commissioned or conducted
since then, please also provide similar information in relation to
them.

Yours faithfully,

Richard

Good afternoon Richard

Please see the attached.

Regards
Glynn

Glynn Morgan
FOI Officer
Central Office of Information
Hercules House
Hercules Road
London
SE1 7DU
Tel 020 7928-2345
Fax 020 7928 5037

"This communication is confidential and copyright. Anyone coming into unauthorised possession of it should disregard its content and erase it from their records."

This communication is confidential and copyright.
Anyone coming into unauthorised possession of it should disregard its content and erase it from their records.

The original of this email was scanned for viruses by Government Secure Intranet (GSi) virus scanning service supplied exclusively by Cable & Wireless in partnership with MessageLabs.
On leaving the GSI this email was certified virus free.
The MessageLabs Anti Virus Service is the first managed service to achieve the CSIA Claims Tested Mark (CCTM Certificate Number 2006/04/0007), the UK Government quality mark initiative for information security products and services. For more information about this please visit www.cctmark.gov.uk

Dear Glynn,

Please take this as a request for an internal review of this
decision. You say in your response that I should contact Emma
Lochhead in that regard, but you have provided no details on how to
do that, so I would be grateful if you could forward this on.

I would note that the security audit in question is almost a year
old now, and that there would be a reasonable expectation that any
problems identified by it should be fixed by now. If, for some
reason, a decision was made to ignore some potential problems and
rely on security through obscurity, then it would be slightly more
understandable for those portions to be withheld or redacted, but I
do not believe it is appropriate to refuse to release _all_
information requested (including details of by whom the audit was
carried out).

Yours sincerely,

Richard

Dear Sir or Madam,

My request for internal review made on 21nd September in relation
to my FOI request 'Security Audit of coi.gov.uk' has still received
no response. I would note that ICO guidance states that such
requests should normally be handled in 20 working days, and should
never take more than 40.

Please advise on the expected date when I should receive a
response.

A full history of my original request and all correspondence is
available on the Internet at this address:
http://www.whatdotheyknow.com/request/se...

Yours sincerely,

Richard Jackson

Dear Sir or Madam,

It is now well over two months since I requested an internal review
of my request relating to the Security Audit of coi.gov.uk and I
have still heard nothing. Unless I receive an update in the next
week I will have little option but to direct this matter to the
ICO.

A full history of my FOI request and all correspondence is
available on the Internet at this address:
http://www.whatdotheyknow.com/request/se...

Yours sincerely,

Richard Jackson

Good morning Richard

Thank you for your email. Please see the attached sent in response to your email of 8th November.

If you have any queries please do not hesitate to contact me.

Kind regards
Glynn

Glynn Morgan
FOI Officer
Central Office of Information
Hercules House
Hercules Road
London
SE1 7DU
Tel 020 7928-2345
Fax 020 7928 5037

"This communication is confidential and copyright. Anyone coming into unauthorised possession of it should disregard its content and erase it from their records."

This communication is confidential and copyright.
Anyone coming into unauthorised possession of it should disregard its content and erase it from their records.

The original of this email was scanned for viruses by Government Secure Intranet (GSi) virus scanning service supplied exclusively by Cable & Wireless in partnership with MessageLabs.
On leaving the GSI this email was certified virus free.
The MessageLabs Anti Virus Service is the first managed service to achieve the CSIA Claims Tested Mark (CCTM Certificate Number 2006/04/0007), the UK Government quality mark initiative for information security products and services. For more information about this please visit www.cctmark.gov.uk

Dear Emma,

RE: 10485428

Thank you for this response.

I am slightly confused as to your point re: providing a redacted
copy of the audit. Are you saying that your internal review has
decided that COI were correct in withholding some material, but
mistaken in not proving a redacted copy?

I am also a little surprised that you did not just attach the
redacted copy to your response, but I would be grateful if you
would send that.

Yours sincerely,

Richard Jackson

Richard

I will arrange for a copy to sent.

Kind regards
Glynn

Glynn Morgan
FOI Officer
Central Office of Information
Hercules House
Hercules Road
London
SE1 7DU
Tel 020 7928-2345
Fax 020 7928 5037

"This communication is confidential and copyright. Anyone coming into unauthorised possession of it should disregard its content and erase it from their records."

This communication is confidential and copyright.
Anyone coming into unauthorised possession of it should disregard its content and erase it from their records.

The original of this email was scanned for viruses by Government Secure Intranet (GSi) virus scanning service supplied exclusively by Cable & Wireless in partnership with MessageLabs.
On leaving the GSI this email was certified virus free.
The MessageLabs Anti Virus Service is the first managed service to achieve the CSIA Claims Tested Mark (CCTM Certificate Number 2006/04/0007), the UK Government quality mark initiative for information security products and services. For more information about this please visit www.cctmark.gov.uk