FOI Request
Sir/Madam,
I wish to make a request under the Freedom of Information Act. The
following questions and information I wish to have sent to me are
as follows:
Provide, name, address and telephone number for the following
people:
• Senior Information Risk Owner
• Governance Manager
• Information Security Officer/Manager
• Information Technology Security Officer/Manager
• Caldicott Guardian
PCI-DSS
Does your organisation process electronic payment cards?
How much money is processed from electronic payment cards per
annum?
How many electronic payment card transactions are processed per
annum?
Are you PCI-DSS compliant?
ISO 27001
Are you or have you considered becoming ISO 27001 compliant or
certified?
Government Connect
Are you connected and operationally utilising the Government
Connect network? If not have you considered connecting to
Government Connect and why was the decision made not to connect?
Do you meet the Government Connect version three requirements?
Please supply your latest CLAS consultant annual Government Connect
assessment/audit report, blanking out any statements which could
contravene a security concern from a third party reading it.
Do you meet the Government Connect version four requirements?
Please supply the latest internal report for the Government Connect
version four Audit/Assessment, blanking out any statements which
could contravene a security concern from a third party reading it.
Criminal Justice Network
Are you connected to and operationally utilising the Criminal
Justice Network? If not have you considered connecting to the
Criminal Justice Network and why was the decision made not to
connect?
Please supply your latest annual assessment/audit report, blanking
out any statements which could contravene a security concern from a
third party reading it.
NHS N3 Network
Are you connected to and operationally utilising the NHS N3
Network? If not have you considered connecting to the NHS N3
network and why was the decision made not to connect?
Please supply your latest N3 Connection assessment/audit report,
blanking out any statements which could contravene a security
concern from a third party reading it.
Do both schools and the Council share the same physical network
responsible for voice and data communications?
Yours faithfully,
Dave Schneider
Dear Dave
I am writing to acknowledge your Information request received 18 August
2010
It has been allocated reference FOI62419
The Freedom of Information Act 2000 provides Public Authorities with 20
working days to process requests.
This period expires on 16 September 2010
Regards
Chris Daniels
Information Management Officer
Transactional Legal Team
Resources Directorate
Royal Borough of Windsor and Maidenhead
Town Hall, St Ives Road
Maidenhead SL6 1RF
Tel: 01628 796029
Dear Mr Schneider
Further to your Information request FOI62419, please find your questions
and our responses below:
Provide, name, address and telephone number for the following people:
o Senior Information Risk Owner
Response: Keith Clark, Head of ICT Services, Town Hall, Maidenhead,
address below, tel. 01628 79 6142
o Governance Manager
Response: No single Governance Manager. For information security matters
the governance is through the Information Security Management Group, which
is chaired by the SIRO above.
o Information Security Officer/Manager
Response: Peter Strode, Security & Information Manager, Town Hall,
Maidenhead, tel. 01628 79 6379
o Information Technology Security Officer/Manager
Response: Peter Strode (As above).
o Caldicott Guardian
Response: Martin Tubbs 01628 796945 Town Hall, Saint Ives Road,
Maidenhead, Berkshire SL6 1RF
PCI-DSS
Does your organisation process electronic payment cards?
Yes we do
How much money is processed from electronic payment cards per annum?
Epayments £8,526,089
Cardnet £2,297,669.24
With regard to the Epayments system there were 68951 card payments in
2009/10 with a value of £8,526,089.
How many electronic payment card transactions are processed per annum?
Are you PCI-DSS compliant?
The system and network meet compliancy standards but have not actually
been audited. Documentation exists to identify compliancy standards.
Cardnet transactions processed by the leisure centres/libraries using
Lloyds TSB cardnet machines. Any compliancy issues would fall to Lloyds
TSB as we use their service.
ISO 27001
Are you or have you considered becoming ISO 27001 compliant or certified?
Response: Yes, this is in our future ICT strategy
Government Connect
Are you connected and operationally utilising the Government Connect
network? If not have you considered connecting to Government Connect and
why was the decision made not to connect?
Response: Yes, we are connected and operational.
Do you meet the Government Connect version three requirements?
Response: Yes
Please supply your latest CLAS consultant annual Government Connect
assessment/audit report, blanking out any statements which could
contravene a security concern from a third party reading it.
Response: No, we cannot disclose even a redacted version of our IT Health
Check because it would give implicit information about our security - and
this breaches the Government Connect security accreditation agreements.
This is a refusal notice under Section 17 of the Freedom of Information
Act 2000. The applicable section is: 24 (1) National Security:
(1)Information which does not fall within section 23(1) is exempt
information if exemption from section 1(1)(b) is required for the purpose
of safeguarding national security.
Do you meet the Government Connect version four requirements?
Response: Yes, RBWM passed the Version 4 requirements in April 2010.
Please supply the latest internal report for the Government Connect
version four Audit/Assessment, blanking out any statements which could
contravene a security concern from a third party reading it.
Response: No, we cannot disclose even a redacted version of our IT Health
Check because it would give implicit information about our security - and
this breaches the Government Connect security accreditation agreements.
This is a refusal notice under Section 17 of the Freedom of Information
Act 2000. The applicable section is: 24 (1) National Security:
(1)Information which does not fall within section 23(1) is exempt
information if exemption from section 1(1)(b) is required for the purpose
of safeguarding national security.
Criminal Justice Network
Are you connected to and operationally utilising the Criminal Justice
Network? If not have you considered connecting to the Criminal Justice
Network and why was the decision made not to connect?
Please supply your latest annual assessment/audit report, blanking out any
statements which could contravene a security concern from a third party
reading it.
NHS N3 Network
Are you connected to and operationally utilising the NHS N3 Network? If not
have you considered connecting to the NHS N3 network and why was the
decision made not to connect?
Response: No
Please supply your latest N3 Connection assessment/audit report, blanking
out any statements which could contravene a security concern from a third
party reading it.
Response: Not applicable
Do both schools and the Council share the same physical network
responsible for voice and data communications?
Response: No
If you are unhappy with the information we have provided in response to
your request please write to:
Transactional Legal Team Leader
Royal Borough of Windsor & Maidenhead
Town Hall, St Ives Road
Maidenhead
SL6 1RF
or send an e-mail to [email address].uk
We are proud to be one of the leading authorities in England for
consistently responding to information requests within the 20 working days
set down by statute. Information about our performance and summaries of
requests received can be found on our website:
http://www.rbwm.gov.uk/web/dataprotectio...
We are keen to hear about your experience with the Information Management
Team here at the Royal Borough of Windsor & Maidenhead and look forward to
receiving any comments you have about the way your information request was
processed.
Please send any feedback to the Transactional Legal Team Leader either by
e-mail [email address] or in writing to the address above.
This concludes your request FOI62419.
Yours sincerely
Chris Daniels
Information Management Officer
Information Management Team
Resources Directorate
Royal Borough of Windsor & Maidenhead
Town Hall, St. Ives Road
Maidenhead SL6 1RF