ICT Governance & Cyber Security (One Planet York)

Waiting for an internal review by City of York Council of their handling of this request.

Dear City of York Council,

Dear Foi

Background & Public Interest Rationale

At the Audit and Governance Committee of 5 December 2018 Councillors raised the matter of the One Planet York Data ‘hack’ and vulnerability, which had been reported to the ICO and is under investigation by them, as well as being subject to an ongoing investigation by the information governance team into its own actions (which does seem odd).

At the same Committee an internal audit which was finalised back in June 18 was finally added to the Audit and Governance Committee agenda (electronic version only). This was entitled ‘IT Security and Information Governance’ and was given a very healthy ‘substantial assurance’ by internal auditors.

It appears that, although there is a policy and loads of paperwork, the incident response procedure has never been tested; the key management group GRAG has no IT Representatives and no cyber risks in its TOR. There is no mandatory cyber risk training.

See link below.

https://democracy.york.gov.uk/documents/...

Please provide
1. The above-mentioned cyber incident policy and practice documents
2. Please provide the dates that these were agreed, which committee were these approved by and which members?
3. Please provide the TORs of GRAG, and the membership by officer title. How often does it meet?
4. Please provide a schedule since April 2017 by job title and date of those receiving cyber security training to date
5. Please provide a schedule of the mandatory training modules to be inserted in the ‘imminent’ [last June] training manual and which committee/ member oversaw this.
6. Please clarify if there is now a corporate risk associated with cyber security as indicated was needed. I cannot find it in Corporate Risk 2 (Governance)

Yours faithfully,

Gwen Swinburn

foi@york.gov.uk, City of York Council

Thank you for your email. Please note this is an automatically generated receipt to let you know we have received your email.

For information:

* The timescale for responding to Freedom of Information Act (FOIA) and Environmental Information Regulation (EIR) requests is up to 20 working days. We will contact you promptly if we need you to clarify your request or an extension to complete a public interest test.
  o The timescale for responding to requests for a review, for FOIA or EIR responses, is up to 20 working days. You are also able to contact the Information Commissioner, contact details below:

* The timescale for responding to your rights in relation to personal data e.g. subject access to records (SAR) request, is up to 1 month. We will contact you promptly if we require further information from you, or an extension.
  o The timescale for responding to requests for a review, of responses to your rights regarding personal data, is up to 1 month. You are also able to contact the Information Commissioner, contact details below:

Information Commissioner's Office
Wycliffe House Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number
Fax: 01625 524 510
Or email: [email address] (please include your telephone number in your email)

Regards
Customer Feedback Team


Dear [email address],

Please submit this for an internal review; you have not met your legal obligation to reply within 20 working days.

Yours sincerely,

Gwen Swinburn

foi@york.gov.uk, City of York Council

Thank you for your email. Please note this is an automatically generated receipt to let you know we have received your email.
