Service providers and PII

The request was successful.

Dear Aberdeen City Council,

1. Do you use an external IT service provider/Managed Service Provider (MSP)?
- Yes
- No

2. Does your provider/MSP serve as a processor of your Personally Identifiable Information (PII)?
- Yes
- No

If No, thank you for your time.
If Yes, please see below:

3. Does your contract/Service Level Agreement (SLA) with the provider(s) have clear provisions for the allocation of responsibilities in the event of a data breach?
- Yes
- No

4. Have you revisited your original contract(s) to ensure compliance with the General Data Protection Regulation (GDPR)?
- Yes
- No

5. Does the contract/SLA define the time frame in which a security breach at the provider must be reported to you?
- Yes
- No

6. Do you have policies in place for privileged account management?
- Yes
- No

7. Has your service provider/MSP suffered a data breach involving your organisation’s PII in the last 12 months?
- Yes
- No

8. If yes, how long did it take for them to notify you?
- <30 minutes
- 31 mins – 1 day
- 1 – 2 days
- 2 – 3 days
- More than 3 days

Yours faithfully,

Gabby Dunne

Foi Enquiries, Aberdeen City Council

1 Attachment

Dear Mr Dunne,

 

Information enquiry reference FOI-18-1067.

 

Thank you for your recent request for information, which we received on 17
July 2018.   

 

The scheduled date for our response to your request for information is on
or before 15 August 2018.

 

Please do not hesitate to contact us should you have any queries in the
meantime.

 

Yours sincerely,

 

 

Salomeh Kheyri Rad
Information Compliance Officer

Information Compliance Team | Customer Feedback | Customer Experience

Aberdeen City Council,  Business Hub 17, 3rd Floor North, Marischal
College,

Broad Street, Aberdeen, AB10 1AB
Tel 03000 200 292

Email [1][Aberdeen City Council request email]

[2]www.aberdeencity.gov.uk

 

*03000 numbers are free to call if you have ‘free minutes’ included in
your mobile call plan.

Calls from BT landlines will be charged at the local call rate of 10.24p
per minute (the same as 01224s).

 

 

IMPORTANT NOTICE: This e-mail (including any attachment to it) is
confidential, protected by copyright and may be privileged. The
information contained in it should be used for its intended purposes only.
If you receive this email in error, notify the sender by reply email,
delete the received email and do not make use of, disclose or copy it.
Whilst we take reasonable precautions to ensure that our emails are free
from viruses, we cannot be responsible for any viruses transmitted with
this email and recommend that you subject any incoming email to your own
virus checking procedures. Unless related to Council business, the
opinions expressed in this email are those of the sender and they do not
necessarily constitute those of Aberdeen City Council. Unless we expressly
say otherwise in this email or its attachments, neither this email nor its
attachments create, form part of or vary any contractual or unilateral
obligation. Aberdeen City Council's incoming and outgoing email is subject
to regular monitoring.

References

Visible links
1. mailto:[Aberdeen City Council request email]
2. http://www.aberdeencity.gov.uk/

Foi Enquiries, Aberdeen City Council

1 Attachment

Dear Mr Dunne,

 

Thank you for your information request of 17 July 2018. Aberdeen City
Council (ACC) has completed the necessary search for the information
requested.

 

1. Do you use an external IT service provider/Managed Service Provider
(MSP)?

No

 

2. Does your provider/MSP serve as a processor of your Personally
Identifiable Information (PII)?

No

 

If No, thank you for your time.

If Yes, please see below:

 

3. Does your contract/Service Level Agreement (SLA) with the provider(s)
have clear provisions for the allocation of responsibilities in the event
of a data breach?

Not applicable, please see our response above.

 

4. Have you revisited your original contract(s) to ensure compliance with
the General Data Protection Regulation (GDPR)?

Not applicable, please see our response above.

 

5. Does the contract/SLA define the time frame in which a security breach
at the provider must be reported to you?

Not applicable, please see our response above.

 

6. Do you have policies in place for privileged account management?

Not applicable, please see our response above.

 

7. Has your service provider/MSP suffered a data breach involving your
organisation’s PII in the last 12 months?

Not applicable, please see our response above.

 

8. If yes, how long did it take for them to notify you?

Not applicable, please see our response above.

 

We hope this helps with your request.

 

Yours sincerely,

 

Grant Webster

Information Compliance Officer

 

INFORMATION ABOUT THE HANDLING OF YOUR REQUEST

 

ACC handled your request for information in accordance with the provisions
of the Freedom of Information (Scotland) Act 2002. Please refer to the
attached PDF for more information about your rights under FOISA.

 

 

Information Compliance Team | Customer Feedback|Customer Experience
Aberdeen City Council, Business Hub 17, 3^rd Floor North, Marischal
College, Broad Street, Aberdeen, AB10 1AQ
Tel 03000 200 292
Email [1][Aberdeen City Council request email]

[2]www.aberdeencity.gov.uk

 

*03000 numbers are free to call if you have ‘free minutes’ included in
your mobile call plan.

Calls from BT landlines will be charged at the local call rate of 10.24p
per minute (the same as 01224s).

 

 

IMPORTANT NOTICE: This e-mail (including any attachment to it) is
confidential, protected by copyright and may be privileged. The
information contained in it should be used for its intended purposes only.
If you receive this email in error, notify the sender by reply email,
delete the received email and do not make use of, disclose or copy it.
Whilst we take reasonable precautions to ensure that our emails are free
from viruses, we cannot be responsible for any viruses transmitted with
this email and recommend that you subject any incoming email to your own
virus checking procedures. Unless related to Council business, the
opinions expressed in this email are those of the sender and they do not
necessarily constitute those of Aberdeen City Council. Unless we expressly
say otherwise in this email or its attachments, neither this email nor its
attachments create, form part of or vary any contractual or unilateral
obligation. Aberdeen City Council's incoming and outgoing email is subject
to regular monitoring.

References

Visible links
1. mailto:[Aberdeen City Council request email]
2. http://www.aberdeencity.gov.uk/