Service providers and PII
Dear Aberdeen City Council,
1. Do you use an external IT service provider/Managed Service Provider (MSP)?
- Yes
- No
2. Does your provider/MSP serve as a processor of your Personally Identifiable Information (PII)?
- Yes
- No
If No, thank you for your time.
If Yes, please see below:
3. Does your contract/Service Level Agreement (SLA) with the provider(s) have clear provisions for the allocation of responsibilities in the event of a data breach?
- Yes
- No
4. Have you revisited your original contract(s) to ensure compliance with the General Data Protection Regulation (GDPR)?
- Yes
- No
5. Does the contract/SLA define the time frame in which a security breach at the provider must be reported to you?
- Yes
- No
6. Do you have policies in place for privileged account management?
- Yes
- No
7. Has your service provider/MSP suffered a data breach involving your organisation’s PII in the last 12 months?
- Yes
- No
8. If yes, how long did it take for them to notify you?
- <30 minutes
- 31 mins – 1 day
- 1 – 2 days
- 2 – 3 days
- More than 3 days
Yours faithfully,
Gabby Dunne
Dear Mr Dunne,
Information enquiry reference FOI-18-1067.
Thank you for your recent request for information, which we received on 17
July 2018.
The scheduled date for our response to your request for information is on
or before 15 August 2018.
Please do not hesitate to contact us should you have any queries in the
meantime.
Yours sincerely,
Salomeh Kheyri Rad
Information Compliance Officer
Information Compliance Team | Customer Feedback | Customer Experience
Aberdeen City Council, Business Hub 17, 3rd Floor North, Marischal
College,
Broad Street, Aberdeen, AB10 1AB
Tel 03000 200 292
Email [1][Aberdeen City Council request email]
[2]www.aberdeencity.gov.uk
*03000 numbers are free to call if you have ‘free minutes’ included in
your mobile call plan.
Calls from BT landlines will be charged at the local call rate of 10.24p
per minute (the same as 01224s).
IMPORTANT NOTICE: This e-mail (including any attachment to it) is
confidential, protected by copyright and may be privileged. The
information contained in it should be used for its intended purposes only.
If you receive this email in error, notify the sender by reply email,
delete the received email and do not make use of, disclose or copy it.
Whilst we take reasonable precautions to ensure that our emails are free
from viruses, we cannot be responsible for any viruses transmitted with
this email and recommend that you subject any incoming email to your own
virus checking procedures. Unless related to Council business, the
opinions expressed in this email are those of the sender and they do not
necessarily constitute those of Aberdeen City Council. Unless we expressly
say otherwise in this email or its attachments, neither this email nor its
attachments create, form part of or vary any contractual or unilateral
obligation. Aberdeen City Council's incoming and outgoing email is subject
to regular monitoring.
References
Visible links
1. mailto:[Aberdeen City Council request email]
2. http://www.aberdeencity.gov.uk/
Dear Mr Dunne,
Thank you for your information request of 17 July 2018. Aberdeen City
Council (ACC) has completed the necessary search for the information
requested.
1. Do you use an external IT service provider/Managed Service Provider
(MSP)?
No
2. Does your provider/MSP serve as a processor of your Personally
Identifiable Information (PII)?
No
If No, thank you for your time.
If Yes, please see below:
3. Does your contract/Service Level Agreement (SLA) with the provider(s)
have clear provisions for the allocation of responsibilities in the event
of a data breach?
Not applicable, please see our response above.
4. Have you revisited your original contract(s) to ensure compliance with
the General Data Protection Regulation (GDPR)?
Not applicable, please see our response above.
5. Does the contract/SLA define the time frame in which a security breach
at the provider must be reported to you?
Not applicable, please see our response above.
6. Do you have policies in place for privileged account management?
Not applicable, please see our response above.
7. Has your service provider/MSP suffered a data breach involving your
organisation’s PII in the last 12 months?
Not applicable, please see our response above.
8. If yes, how long did it take for them to notify you?
Not applicable, please see our response above.
We hope this helps with your request.
Yours sincerely,
Grant Webster
Information Compliance Officer
INFORMATION ABOUT THE HANDLING OF YOUR REQUEST
ACC handled your request for information in accordance with the provisions
of the Freedom of Information (Scotland) Act 2002. Please refer to the
attached PDF for more information about your rights under FOISA.
Information Compliance Team | Customer Feedback|Customer Experience
Aberdeen City Council, Business Hub 17, 3^rd Floor North, Marischal
College, Broad Street, Aberdeen, AB10 1AQ
Tel 03000 200 292
Email [1][Aberdeen City Council request email]
[2]www.aberdeencity.gov.uk
*03000 numbers are free to call if you have ‘free minutes’ included in
your mobile call plan.
Calls from BT landlines will be charged at the local call rate of 10.24p
per minute (the same as 01224s).
IMPORTANT NOTICE: This e-mail (including any attachment to it) is
confidential, protected by copyright and may be privileged. The
information contained in it should be used for its intended purposes only.
If you receive this email in error, notify the sender by reply email,
delete the received email and do not make use of, disclose or copy it.
Whilst we take reasonable precautions to ensure that our emails are free
from viruses, we cannot be responsible for any viruses transmitted with
this email and recommend that you subject any incoming email to your own
virus checking procedures. Unless related to Council business, the
opinions expressed in this email are those of the sender and they do not
necessarily constitute those of Aberdeen City Council. Unless we expressly
say otherwise in this email or its attachments, neither this email nor its
attachments create, form part of or vary any contractual or unilateral
obligation. Aberdeen City Council's incoming and outgoing email is subject
to regular monitoring.
References
Visible links
1. mailto:[Aberdeen City Council request email]
2. http://www.aberdeencity.gov.uk/
We work to defend the right to FOI for everyone
Help us protect your right to hold public authorities to account. Donate and support our work.
Donate Now