Information Security

The request was successful.

Dear Scottish Borders Council,

Can you please provide in regards to your IT Health Check (ITHC):

The name of the person who is responsible for sourcing the ITHC testing.

When the ITHC testing is usually carried out each year? (Month)

How much last year's ITHC testing cost and which company provided it?

If you do not perform an ITHC, do you have other Information Security testing in place?

If so, what tests are performed (Internal/External Penetration testing/Web application penetration testing)?

Yours faithfully,

Debbie Murphy

Freedom of Information, Scottish Borders Council

Dear Ms Murphy

I acknowledge receipt of your request for information relating to the
above and shall respond within the relevant 20 working day period.

Yours sincerely

Information Management Team

Scottish Borders Council

Newtown St Boswells

TD6 0SA

E mail:  [email address]

Tel: 0300 100 1800

 

 

"

"

Freedom of Information, Scottish Borders Council

1 Attachment

Dear Ms Murphy

Further to your request for information under the Freedom of Information (Scotland) Act 2002 relating to the above I am now able to respond.

The following response was prepared and provided on behalf of Finance:

* Responsible Officer: Bill Edwards - Interim Head of IT

* Schedule: This is, as a minimum, an annual check, and could be in any one of a number of months

* Provider & cost: The ITHC is included within The Scottish Borders Council contract for ICT and Digital Services awarded to CGI in March 2016. As such, Scottish Borders Council do not hold all of the information requested and therefore we give notice under S17 of FOI(S)A 2002 and declare that the information is not held

* Other testing: A range of additional testing is undertaken however The Freedom of Information (Scotland) Act 2002 allows a public authority to withhold information in response to a request, where one or more exemptions listed in FOISA applies. In this case Scottish Borders Council believes the following exemption applies: S30(C) The effective conduct of public affairs. This is because the Council would be making itself vulnerable to attack if the testing scope or schedules were disclosed. This would impact on the Council's ability to provide services to the public and would therefore not be in the Public Interest.

I can advise that you have a right to request a review within 40 working days from the date we respond to your request. You should either e-mail [Scottish Borders Council request email]<mailto:[Scottish Borders Council request email]> or write to the Information Manager, Scottish Borders Council, Council HQ, Newtown St. Boswells TD6 0SA.

If after the Council's FOI Advice Group have considered your review and you are still not happy with the decision you then have a right to appeal to the Office of the Scottish Information Commissioner, Kinburn Castle, Doubledykes Road, St. Andrews, fife KY16 9DS.

Yours sincerely

for the

Information Management Team

Scottish Borders Council

Newtown St Boswells

TD6 0SA

E mail: [email address]

Tel: 0300 100 1800

"

"