Cyber Security

The request was partially successful.

Dear Newry, Mourne and Down District Council,

Please provide:
1. A copy of your organizations cyber security policy - please provide the policy
2. How many times per annum do you carryout perimeter and penetration test exercises
3. What percentage of employees have undertaken cyber security training within the last 12 months
4. Do you use password management tools that provide passwordless authentication, one-time passwords and password encryption capabilities
5. Do you have a data management policy that documents all information management processes
6. Do you employ any biometric security measures across systems
7. When did your organization last undertake a cyber security audit and what was the assurance
8. Are any of your 0rganization's IT employees Cyber security certified

Yours faithfully,

Callum Winters

Rooney, Ruth, Newry, Mourne and Down District Council

Dear Mr Winters

 

Thank you for your email dated 6 June 2023 and your request for
information therein.

 

You have requested from Newry, Mourne and Down District Council
information in relation to cyber security.

 

I confirm your request will be processed as a request under the Freedom of
Information Act 2000.  Accordingly, you will receive the information you
have requested within 20 working days of the date of receipt of your
request by the Council unless the Council does not hold the information or
there is a reason to withhold all or part of the information requested. 
Council will write to you in any event. 

 

I hope to respond to you as soon as practicable but no later than 4 July
2023.

 

For further information in relation to the Freedom of Information Act 2000
I would refer you to the Information Commissioner's Office website,
[1]www.ico.org.uk

 

If you wish to discuss the above please do not hesitate to contact me.

 

Kind regards

 

 

 

 

Ruth Rooney
Information Officer

Oifig Dhún Pádraig

Downpatrick Office

Downshire Civic Centre

Downshire Estate, Ardglass Road

Downpatrick BT30 6GQ

Council: 0330 137 4000

Direct dial: 0330 137 4825

[2]www.newrymournedown.org

[3]www.facebook.com/nmdcouncil

[4]www.twitter.com/nmdcouncil

 

This e-mail, its contents and any attachments are intended only for the
above named. As this e-mail may contain confidential or legally privileged
information, if you are not, or suspect that you are not, the above named,
or the person responsible for delivering the message to the above named,
delete or destroy the email and any attachments immediately. The contents
of this e-mail may not be disclosed to, nor used by, anyone other than the
above named. We will not accept any liability (in negligence or otherwise)
arising from any third party acting, or refraining from acting, on such
information. Opinions, conclusions and other information expressed in such
messages are not given or endorsed by the Council, unless otherwise
indicated in writing by an authorised representative independent of such
messages. Please note that we cannot guarantee that this message or any
attachment is virus free or has not been intercepted and amended. The
Council undertakes monitoring of both incoming and outgoing e-mails. You
should therefore be aware that if you send an e-mail to a person within
the Council it may be subject to any monitoring deemed necessary by the
organisation. As a public body, the Council may be required to disclose
this e-mail (or any response to it) under UK Data Protection and Freedom
of Information legislation, unless the information in it is covered by an
exemption.

References

Visible links
1. http://www.ico.org.uk/
2. http://www.newrymournedown.org/
3. http://www.facebook.com/nmdcouncil
4. http://www.twitter.com/nmdcouncil

Rooney, Ruth, Newry, Mourne and Down District Council

2 Attachments

Dear Mr Winters

 

I refer to the above and write further to my email of 7 June 2023.

 

Under the Freedom of Information Act 2000 you have requested information
from Newry, Mourne and Down District Council.  Your request has been
processed in accordance with the Freedom of Information Act and,
accordingly, please see the response below.

 

REQUEST

1. A copy of your organizations cyber security policy - please provide the
policy

2. How many times per annum do you carryout perimeter and penetration test
exercises

3. What percentage of employees have undertaken cyber security training
within the last 12 months

4. Do you use password management tools that provide passwordless
authentication, one-time passwords and password encryption capabilities

5. Do you have a data management policy that documents all information
management processes

6. Do you employ any biometric security measures across systems

7. When did your organization last undertake a cyber security audit and
what was the assurance

8. Are any of your 0rganization's IT employees Cyber security certified

 

RESPONSE

Newry, Mourne and Down District Council holds the following recorded
information in relation to your request:

 

 1. No recorded information held – the Council does not have a specific
cyber security policy.
 2. Once annually
 3. 80%+
 4. In this instance the Council is electing to neither confirm nor deny
whether it holds the information requested. In accordance with Section
31(3) of the Freedom of Information Act 2000 - Law Enforcement, 
public authorities are permitted to neither confirm nor deny that
requested information is held, if confirming whether the information
was held would itself prejudice law enforcement matters referred to
within Section 31(1) of the Freedom of Information Act 2000. The
Council believes that if it were to confirm whether this information
was held to the world at large in response to the request could lead
to its mis-use for criminal purposes.
 5. See attached Council’s Information Security Policy Statement and
Council’s Records Management Policy and Procedure.
 6. No
 7. None undertaken
 8. No recorded information identified as falling within the scope of your
request.

 

If you wish to discuss the above or require clarification on any matter,
please do not hesitate to contact me.

 

I trust this is of assistance.  However, should you be unhappy with our
response in this matter you may request an Internal Review of our response
by 8 August 2023. You can contact Ms Edel Cosgrove, Head of Compliance
([1][email address]) in that regard. In the event you are unhappy
with the outcome of any Internal Review conducted by the Council you may
apply to the Information Commissioner's Office (ICO) for a review of our
response.

 

You can contact the ICO via the following details:

ICO website: [2]www.ico.org.uk

ICO self-service portal:
[3]https://ico.org.uk/make-a-complaint/offi...

Helpline: 0303 123 1114

 

Please note that the ICO generally expects Internal Reviews to be
completed prior to reviewing the decisions of public bodies.  For further
information in relation to Freedom of Information I would direct you to
the website of the Information Commissioner at: [4]www.ico.org.uk.

 

Kind regards

 

 

 

Ruth Rooney
Information Officer

Oifig Dhún Pádraig

Downpatrick Office

Downshire Civic Centre

Downshire Estate, Ardglass Road

Downpatrick BT30 6GQ

Council: 0330 137 4000

Direct dial: 0330 137 4825

[5]www.newrymournedown.org

[6]www.facebook.com/nmdcouncil

[7]www.twitter.com/nmdcouncil

 

This e-mail, its contents and any attachments are intended only for the
above named. As this e-mail may contain confidential or legally privileged
information, if you are not, or suspect that you are not, the above named,
or the person responsible for delivering the message to the above named,
delete or destroy the email and any attachments immediately. The contents
of this e-mail may not be disclosed to, nor used by, anyone other than the
above named. We will not accept any liability (in negligence or otherwise)
arising from any third party acting, or refraining from acting, on such
information. Opinions, conclusions and other information expressed in such
messages are not given or endorsed by the Council, unless otherwise
indicated in writing by an authorised representative independent of such
messages. Please note that we cannot guarantee that this message or any
attachment is virus free or has not been intercepted and amended. The
Council undertakes monitoring of both incoming and outgoing e-mails. You
should therefore be aware that if you send an e-mail to a person within
the Council it may be subject to any monitoring deemed necessary by the
organisation. As a public body, the Council may be required to disclose
this e-mail (or any response to it) under UK Data Protection and Freedom
of Information legislation, unless the information in it is covered by an
exemption.

References

Visible links
1. mailto:[email address]
2. http://www.ico.org.uk/
3. https://ico.org.uk/make-a-complaint/offi...
4. http://www.ico.gov.uk/
5. http://www.newrymournedown.org/
6. http://www.facebook.com/nmdcouncil
7. http://www.twitter.com/nmdcouncil