Enquiry regarding annual compliance for ITHC, PCI DSS and general data security

Mr Maurits made this Freedom of Information request to East Devon District Council.

The request was successful.

Dear East Devon District Council,

I am requesting the following information:

1.1) When did you conduct your last IT Health Check?
1.2) When is your next IT Health Check due?
1.3) Do you conduct other cybersecurity penetration testing?
1.4) Are you in a contract for your IT Health Check / other testing? If
so, when will this be up for renewal?
1.5) Who is the contact person at the Council for the annual IT Health
Check?

2.1) When is the next date to renew compliance validation for PCI DSS?
2.2) Will the Council be requiring consultancy to ensure they adhere to
the new PCI DSS 4.0?
2.3) Who is the contact person at the Council looking after PCI DSS
compliance?

3.1) Do the Council adhere to other data security standards, such as Cyber
Essentials Basic, Cyber Essentials Plus, ISO27001?
3.2) If no, do the Council plan on achieving any of these accreditations?

4.1) Does the Council currently utilise an in-house or outsourced Security
Operations Centre for solutions such as EDR, MDR, or XDR?
4.2) Do the Council have Windows Defender for EDR. If so, is this managed
in-house or externally?

5) What are the contact details for the Data Protection Officer?

Yours faithfully,

Mr Maurits

EDDC, East Devon District Council

Dear Mr Maurits

Thank you for submitting your Freedom of Information request.

We will respond to your request as quickly as possible, within the 20
working day statutory deadline under the Freedom of Information Act 2000.

For updates on this case, please quote your reference number
FS-Case-627733876.

Yours sincerely,

Information and Complaints Officer
East Devon District Council
[2][East Devon District Council request email]

[3]www.eastdevon.gov.uk

East Devon - an outstanding place
 
© 2023 East Devon District Council

Follow us on [4]Facebook and [5]Twitter

[6]Subscribe to your East Devon Update for regular news and information
about what’s happening at East Devon District Council. Choose which topics
you’re interested in to get a personalised update.

[7]Email disclaimer

References

Visible links
2. mailto:[east%20devon%20district%20council%20request%20email]
3. http://www.eastdevon.gov.uk/
4. http://www.facebook.com/eastdevon
5. http://twitter.com/eastdevon
6. https://public.govdelivery.com/accounts/...
7. http://eastdevon.gov.uk/help/email-discl...

East Devon District Council

Dear Mr Maurits,

Thank you for your request for information. Please find the response to
your query below.

1.1) When did you conduct your last IT Health Check? - August 2023
1.2) When is your next IT Health Check due? - January 2025
1.3) Do you conduct other cybersecurity penetration testing? - In house
Testing
1.4) Are you in a contract for your IT Health Check / other testing? If
so, when will this be up for renewal? - March 2025
1.5) Who is the contact person at the Council for the annual IT Health
Check? - Strata Service Solutions Ltd, they can be contacted via their
website https://strata.solutions/

2.1) When is the next date to renew compliance validation for PCI DSS? -
No date
2.2) Will the Council be requiring consultancy to ensure they adhere to
the new PCI DSS 4.0? - No
2.3) Who is the contact person at the Council looking after PCI DSS
compliance? - EDDC contact will be Exchequer & Systems Manager.

3.1) Do the Council adhere to other data security standards, such as Cyber
Essentials Basic, Cyber Essentials Plus, ISO27001? - No
3.2) If no, do the Council plan on achieving any of these accreditations?
- Security accreditations are being investigated.

4.1) Does the Council currently utilise an in-house or outsourced Security
Operations Centre for solutions such as EDR, MDR, or XDR?

I hope this information is helpful but, if you feel dissatisfied with the
way we have responded to your request, please contact our Monitoring
Officer, to request an internal review
[2][email address].

You can also request a review using [3]our online request form.

You may also approach the Information Commissioner for advice at
[4]www.ico.org.uk.

Yours sincerely,

Information and Complaints Officer
East Devon District Council

References

Visible links
2. mailto:[email address]
3. https://eddc-self.achieveservice.com/ser...
4. http://www.ico.org.uk/