Dear Sunderland City Council,
1) Do you use an external IT service provider/Managed Service Provider (MSP)?
2) Does your provider/MSP serve as a processor of your Personally Identifiable Information (PII)?
If No, thank you for your time.
If Yes, please see below
3) If yes, does your contract/service level agreement (SLA) with the provider(s) have clear provisions for the allocation of responsibilities in the event of a data breach?
4) Have you revisited your original contract(s) to ensure compliance with the General Data Protection Regulation (GDPR)?
5) Does the contract/SLA define the time frame in which a security breach at the provider must reported to you?
6) Do you have policies in place for privileged account management?
7) Has your organisation/service provider/MSP suffered a data breach involving your organisation’s PII in the last 12 months?
8)If yes, how long did it take for them to notify you?
31 mins – 1 day
1 – 2 days
2 – 3 days
More than 3 days
Re: Your request for information concerning:
External IT service provider/Managed Service Provider (MSP)
The Council aims to provide available information promptly and in any
event within 20 working days, unless, exceptionally, there is a need to
consider whether the information is exempt from disclosure.
I will contact you again soon in connection with your request.
Please quote the reference below if you contact the Council regarding this
Customer Request Number: 18 07 68
Thank you for your recent Freedom of Information Request, which you
submitted to Sunderland City Council. We have now assessed the request and
created the attached response for your attention.
[personal information removed]
Technical Team Manager (Customer Support)
Sunderland City Council
Confidentiality: this email and its attachments may contain confidential
and privileged information. If you are not the intended recipient, please
inform the sender by return email and destroy all copies. Unauthorised
access, use, disclosure, storage or copying is not permitted.
For information about how we collect, use, share and retain your personal
data, visit: https://www.sunderland.gov.uk/data-prote.... Any email
including its content may be monitored and used by the Council for reasons
of security and for monitoring internal compliance with policy. Email may
also be disclosed in response to a request for information, unless exempt
under access to information legislation. Please be aware that you have a
responsibility to ensure that email you write or forward is within the
bounds of the law.
The Council cannot guarantee that this message or any attachment is virus
free or has not been intercepted and amended. You should perform your own
We work to defend the right to FOI for everyone
Help us protect your right to hold public authorities to account. Donate and support our work.Donate Now