Enquiry regarding annual compliance for ITHC, PCI DSS and general data security
Dear Braintree District Council,
I am requesting the following information:
1.1) When did you conduct your last IT Health Check?
1.2) When is your next IT Health Check due?
1.3) Do you conduct other cybersecurity penetration testing?
1.4) Are you in a contract for your IT Health Check / other testing? If so, when will this be up for renewal?
1.5) Who is the contact person at the Council for the annual IT Health Check?
2.1) When is the next date to renew compliance validation for PCI DSS?
2.2) Will the Council be requiring consultancy to ensure they adhere to the new PCI DSS 4.0?
2.3) Who is the contact person at the Council looking after PCI DSS compliance?
3.1) Do the Council adhere to other data security standards, such as Cyber Essentials Basic, Cyber Essentials Plus, ISO27001?
3.2) If no, do the Council plan on achieving any of these accreditations?
4.1) Does the Council currently utilise an in-house or outsourced Security Operations Centre for solutions such as EDR, MDR, or XDR?
4.2) Do the Council have Windows Defender for EDR? If so, is this managed in-house or externally?
5) What are the contact details for the Data Protection Officer?
Yours faithfully,
Mr Maurits
Dear Mr Maurits,
Thank you for your information request, received on the 19 June 2024.
Reference 7826 has been applied to your request which will be looked into
and a response provided within 20 full working days.
Should you have any queries in the meantime, please contact the Freedom of
Information Team at [1][Braintree District Council request email]
Kind regards,
Lucy Day
Performance & Improvement Assistant
Braintree District Council | Causeway House, Bocking End, Braintree, CM7
9HB
01376 552525| [2]www.braintree.gov.uk
References
Visible links
1. mailto:[braintree%20district%20council%20request%20email]
2. http://www.braintree.gov.uk/
Dear Mr Maurits,
I am writing regarding your information request received by Braintree
District Council on the 19/06/2024, case reference 7826.
Your request for information has been processed under the Freedom of
Information Act (FOIA). The Act enables access to information held by the
Council, subject to exemptions contained within the Act.
The Act does not require the Council to create information to respond to a
request if the requested information is not held, nor to give an opinion
or comment.
Please find our response to your request below:
1.1) When did you conduct your last IT Health Check?
Week commencing 20/02/2024
1.2) When is your next IT Health Check due?
1st quarter of 2025
1.3) Do you conduct other cybersecurity penetration testing?
No
1.4) Are you in a contract for your IT Health Check / other testing? If
so, when will this be up for renewal?
No, we are not in contract.
1.5) Who is the contact person at the Council for the annual IT Health
Check?
Paul Reid, ICT and Facilities Manager
2.1) When is the next date to renew compliance validation for PCI DSS?
December 2024
2.2) Will the Council be requiring consultancy to ensure they adhere to
the new PCI DSS 4.0?
Yes, this will form part of the Council’s process in 2024 in upgrading or
procuring a new system.
2.3) Who is the contact person at the Council looking after PCI DSS
compliance?
Phil Myers, Head of Finance
3.1) Do the Council adhere to other data security standards, such as Cyber
Essentials Basic, Cyber Essentials Plus, ISO27001?
Yes, Cyber Essentials Basic.
3.2) If no, do the Council plan on achieving any of these accreditations?
N/A
4.1) Does the Council currently utilise an in-house or outsourced Security
Operations Centre for solutions such as EDR, MDR, or XDR?
No SOC at present.
4.2) Do the Council have Windows Defender for EDR? If so, is this managed
in-house or externally?
No
5) What are the contact details for the Data Protection Officer?
Kim Mayo, Head of Governance and Monitoring Officer
Right of internal review: If you are dissatisfied with the handling of
your request please contact us in writing, within 40 days of the receipt
of a full response, at: Emma Wisbey Legal and Governance Manager,
Braintree District Council, Causeway House, Bocking End, Braintree, Essex,
CM7 9HB. Or e-mail: [1][Braintree District Council request email]
Right to appeal: Should you remain dissatisfied with the outcome of any
internal review, you have a right of appeal under S50 of the Freedom of
Information Act to appeal against the decision by contacting the
Information Commissioner, Wycliffe House, Water Lane, Wilmslow SK9 5AF. Or
e-mail: [2][email address]
Kind regards,
Lucy Day
Performance & Improvement Assistant
Braintree District Council | Causeway House, Bocking End, Braintree, CM7
9HB
01376 552525| www.braintree.gov.uk
References
Visible links
1. mailto:[Braintree District Council request email]
2. mailto:[email address]