Enquiry regarding annual compliance for ITHC, PCI DSS and general data security
Dear Bridgend County Borough Council,
I am requesting the following information:
1.1) When did you conduct your last IT Health Check?
1.2) When is your next IT Health Check due?
1.3) Do you conduct other cybersecurity penetration testing?
1.4) Are you in a contract for your IT Health Check / other testing? If so, when will this be up for renewal?
1.5) Who is the contact person at the Council for the annual IT Health Check?
2.1) When is the next date to renew compliance validation for PCI DSS?
2.2) Will the Council be requiring consultancy to ensure they adhere to the new PCI DSS 4.0?
2.3) Who is the contact person at the Council looking after PCI DSS compliance?
3.1) Do the Council adhere to other data security standards, such as Cyber Essentials Basic, Cyber Essentials Plus, ISO27001?
3.2) If no, do the Council plan on achieving any of these accreditations?
4.1) Does the Council currently utilise an in-house or outsourced Security Operations Centre for solutions such as EDR, MDR, or XDR?
4.2) Do the Council have Windows Defender for EDR? If so, is this managed in-house or externally?
5) What are the contact details for the Data Protection Officer?
Yours faithfully,
Mr Maurits
Thank you for your correspondence, please note this will not be
redirected.
Due to a backlog of new work and ongoing resource issues within the
Council’s Information Team, we are not currently able to acknowledge new
correspondence as soon as it is received. Please be assured that your
correspondence has been received and will be dealt with by the team as
soon as we are able to.
We are working hard to improve the situation and thank you for your
patience.
══════════════════════════════════════════════════════════════════════════
This e-mail and any attachments transmitted with it represents the
views of the individual(s) who sent them and should not be regarded
as the official view of Bridgend County Borough Council. The contents
are confidential and intended solely for the use of the addressee. If
you have received it in error, please inform the system administrator
[email address]
This e-mail and any attachments have been scanned.
══════════════════════════════════════════════════════════════════════════
Dear Mr Maurits
FOI REQUEST FOI001-6067
We acknowledge your request for information received on 26 June 2024.
Firstly, please accept our apologies for the delay in sending this
acknowledgement.
We are considering your request and you should receive a response within
the statutory timescale of 20 working days, unless the information is
exempt or we require additional time to consider whether disclosure is in
the public interest in accordance with section 2 of the Freedom of
Information Act.
We will try to supply information in electronic format by email, but if
this is not possible we will let you know. If you have any special
requirements e.g. language, audio, large print, etc. then please let us
know.
The Act defines a number of exemptions which may prevent release of the
information you have requested. Before we provide the information we will
consider whether it is proper to release it and if any of the exemption
categories do apply then the information will not be released. We will
tell you if this is the case, and you will have a right of appeal.
If the information you request contains reference to a third party then
they may be consulted prior to a decision being taken on whether or not to
release the information to you. We will tell you if this is the case.
You may have to pay a fee for this information. We will consider this and
let you know. If so you will have to pay the fee before we process and
release the information.
If you have any queries or concerns, then please contact me directly. You
can find out more about the Act from the Information Commissioner at:
Information Commissioner’s Office – Wales
2nd Floor, Churchill House
Churchill Way, Cardiff
CF10 2HH
Telephone: 02920 678400 Fax: 02920 678399
Email: [email address]
Website: https://ico.org.uk/
Yours sincerely
Tina
Y Swyddfa Rhyddid Gwybodaeth | Freedom of Information Office
Cyfarwyddiaeth y Prif Weithredwr | Chief Executive’s Directorate
Cyngor Bwrdeistref Sirol Pen-Y-Bont ar Ogwr | Bridgend County Borough Council
Ffon / Phone: (01656) 643473
Ffacs / Fax: (01656) 657899
E-bost / E-Mail: [Bridgend County Borough Council request email]
Gwefan / Website: www.bridgend.gov.uk
Dear Mr Maurits
FREEDOM OF INFORMATION REQUEST FOI001-6067
We refer to your email dated 26th June 2024 which contained a request for
information as set out in italics below. Following consideration of your
request, in accordance with the Freedom of Information Act 2000, I respond
to each point as follows:
I am requesting the following information:
1.1) When did you conduct your last IT Health Check?
August 2023
1.2) When is your next IT Health Check due?
August 2024
1.3) Do you conduct other cybersecurity penetration testing?
No
1.4) Are you in a contract for your IT Health Check / other
testing? If so, when will this be up for renewal?
No
1.5) Who is the contact person at the Council for the annual IT
Health Check?
Mr Mark Shephard
Chief Executive
Email – [email address]
Telephone – 01656 643380
2.1) When is the next date to renew compliance validation for PCI DSS?
The Council is in the process of undertaking compliance validation.
2.2) Will the Council be requiring consultancy to ensure they adhere to
the new PCI DSS 4.0?
This is already in progress.
2.3) Who is the contact person at the Council looking after PCI DSS
compliance?
Mr Mark Shephard
Chief Executive
Email – [email address]
Telephone – 01656 643380
3.1) Do the Council adhere to other data security standards, such as Cyber
Essentials Basic, Cyber Essentials Plus, ISO27001?
PSN Code of Connection
3.2) If no, do the Council plan on achieving any of these accreditations?
N/A
4.1) Does the Council currently utilise an in-house or outsourced Security
Operations Centre for solutions such as EDR, MDR, or XDR?
No
4.2) Do the Council have Windows Defender for EDR? If so, is this managed
in-house or externally?
Yes, Windows Defender managed in house
5) What are the contact details for the Data Protection Officer?
I hope this response satisfies your request. If you are dissatisfied with
the handling of the request, under the Freedom of Information Act 2000 you
have the right to request a review of the Council’s response to your
request for information. If you wish to request a review, please write to
the below address or email [Bridgend County Borough Council request email]. Following ICO
guidance, a request for a review must be made within 2 months of a
response being received.
Monitoring Officer
Bridgend County Borough Council
Civic Offices,
Angel Street
Bridgend, CF31 4WB
If you remain dissatisfied with the outcome of that review, you may seek
further recourse by lodging an appeal with the Information Commissioner
at:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: 0303 123 1113
Email: [email address]
Website: www.ico.org.uk
Yours sincerely
--
Freedom of Information Office
Bridgend County Borough Council
Level 4, Civic Offices
Angel Street
Bridgend
CF31 4WB
Tel: 01656 643565
Email: [Bridgend County Borough Council request email]