External IT service provider/Managed Service Provider (MSP)

Barry Salmon made this Freedom of Information request to Sunderland City Council

This request has been closed to new correspondence from the public body. Contact us if you think it ought be re-opened.

The request was successful.

Dear Sunderland City Council,

1) Do you use an external IT service provider/Managed Service Provider (MSP)?



2) Does your provider/MSP serve as a processor of your Personally Identifiable Information (PII)?



If No, thank you for your time.

If Yes, please see below

3) If yes, does your contract/service level agreement (SLA) with the provider(s) have clear provisions for the allocation of responsibilities in the event of a data breach?



4) Have you revisited your original contract(s) to ensure compliance with the General Data Protection Regulation (GDPR)?



5) Does the contract/SLA define the time frame in which a security breach at the provider must reported to you?



6) Do you have policies in place for privileged account management?



7) Has your organisation/service provider/MSP suffered a data breach involving your organisation’s PII in the last 12 months?



8)If yes, how long did it take for them to notify you?

<30 mins

31 mins – 1 day

1 – 2 days

2 – 3 days

More than 3 days

Yours faithfully,

Barry Salmon

Solicitor - Freedom of Information, Sunderland City Council

2 Attachments

Re: Your request for information concerning:


External IT service provider/Managed Service Provider (MSP)


The Council aims to provide available information promptly and in any
event within 20 working days, unless, exceptionally, there is a need to
consider whether the information is exempt from disclosure.


I will contact you again soon in connection with your request.


Please quote the reference below if you contact the Council regarding this


Customer Request Number:  18 07 68





show quoted sections

[personal information removed], Sunderland City Council

2 Attachments



Thank you for your recent Freedom of Information Request, which you
submitted to Sunderland City Council. We have now assessed the request and
created the attached response for your attention.




[personal information removed]
Technical Team Manager (Customer Support)

Corporate Services

Sunderland City Council





[4][IMG]   [5][IMG]

Confidentiality: this email and its attachments may contain confidential
and privileged information. If you are not the intended recipient, please
inform the sender by return email and destroy all copies. Unauthorised
access, use, disclosure, storage or copying is not permitted.

For information about how we collect, use, share and retain your personal
data, visit: [6]https://www.sunderland.gov.uk/data-prote.... Any email
including its content may be monitored and used by the Council for reasons
of security and for monitoring internal compliance with policy. Email may
also be disclosed in response to a request for information, unless exempt
under access to information legislation. Please be aware that you have a
responsibility to ensure that email you write or forward is within the
bounds of the law.

The Council cannot guarantee that this message or any attachment is virus
free or has not been intercepted and amended. You should perform your own
virus checks.



Visible links
1. http://www.sunderland.gov.uk/
3. https://www.sunderland.gov.uk/
4. https://en-gb.facebook.com/sunderlandcit...
5. http://twitter.com/sunderlanduk
6. https://www.sunderland.gov.uk/data-prote...