FOI Request

The request was partially successful.

Sir/Madam,

I wish to make a request under the Freedom of Information Act. The
following questions and information I wish to have sent to me are
as follows:

Provide, name, address and telephone number for the following
people:
• Senior Information Risk Owner
• Governance Manager
• Information Security Officer/Manager
• Information Technology Security Officer/Manager
• Caldecott Guardian

PCI-DSS
Does your organisation process electronic payment cards?
How much money is processed from electronic payment cards per
annum?
How many electronic payment card transactions are processed per
annum?
Are you PCI-DSS compliant?

ISO 27001
Are you or have you considered becoming ISO 27001 compliant or
certified?

Government Connect
Are you connected and operationally utilising the Government
Connect network? If not have you considered connecting to
Government Connect and why was the decision made not to connect?
Do you meet the Government Connect version three requirements?
Please supply your latest CLAS consultant annual Government Connect
assessment/audit report, blanking out any statements which could
contravene a security concern from a third party reading it.
Do you meet the Government Connect version four requirements?
Please supply the latest internal report for the Government Connect
version four Audit/Assessment, blanking out any statements which
could contravene a security concern from a third party reading it.

Criminal Justice Network
Are you connected to and operationally utilising the Criminal
Justice Network? If not have you considered connecting to the
Criminal Justice Network and why was the decision made not to
connect?
Please supply your latest annual assessment/audit report, blanking
out any statements which could contravene a security concern from a
third party reading it.

NHS N3 Network
Are you connected to and operationally utilising the NHS N3
Network? If not have you considered connecting to the NHS N3
network and why was the decision made not to connect?
Please supply your latest N3 Connection assessment/audit report,
blanking out any statements which could contravene a security
concern from a third party reading it.
Do both schools and the Council share the same physical network
responsible for voice and data communications?

Yours faithfully,

Dave Schneider

Chris Daniels, Royal Borough of Windsor and Maidenhead

Dear Dave

I am writing to acknowledge your Information request received 18 August
2010

It has been allocated reference FOI62419

The Freedom of Information Act 2000 provides Public Authorities with 20
working days to process requests.

This period expires on 16 September 2010

Regards

Chris Daniels

Information Management Officer

Transactional Legal Team

Resources Directorate

Royal Borough of Windsor and Maidenhead

Town Hall, St Ives Road

Maidenhead SL6 1RF

Tel: 01628 796029


Chris Daniels, Royal Borough of Windsor and Maidenhead

Dear Mr Schneider

Further to your Information request FOI62419, please find your questions
and our responses below:

Provide, name, address and telephone number for the following people:

o Senior Information Risk Owner

Response: Keith Clark, Head of ICT Services, Town Hall, Maidenhead,
address below, tel. 0162879 6142

o Governance Manager

Response: No single Governance Manager. For information security matters
the governance is through the Information Security Management Group, which
is chaired by the SIRO above.

o Information Security Officer/Manager

Response: Peter Strode, Security & Information Manager, Town Hall,
Maidenhead, tel. 01628 79 6379

o Information Technology Security Officer/Manager

Response: Peter Strode (As above).

o Caldecott Guardian

Response: Martin Tubbs 01628 796945 Town Hall, Saint Ives Road,
Maidenhead, Berkshire SL6 1RF

    

PCI-DSS

Does your organisation process electronic payment cards?

Yes we do

How much money is processed from electronic payment cards per annum?

Epayments £8,526,089

Cardnet £2,297,669.24

With regard to the Epayments system there were 68951 card payments in
2009/10 with a value of £8,526,089.

How many electronic payment card transactions are processed per annum?

Are you PCI-DSS compliant?

The system and network meets compliancy standards but has not actually
been audited. Documentation exists to identify compliancy standards.
Cardnet transactions processed by the leisure centres/libraries using
Lloyds TSB cardnet machines. Any compliancy issues would fall to Lloyds
TSB as we use their service.

ISO 27001

Are you or have you considered becoming ISO 27001 compliant or certified?

Response: Yes, this is in our future ICT strategy

    

Government Connect

Are you connected and operationally utilising the Government Connect
network? If not have you considered connecting to Government Connect and
why was the decision made not to connect?

Response: Yes, we are connected and operational.

Do you meet the Government Connect version three requirements?

Response: Yes

Please supply your latest CLAS consultant annual Government Connect
assessment/audit report, blanking out any statements which could
contravene a security concern from a third party reading it.

Response: No, we cannot disclose even a redacted version of our IT Health
Check because it would give implicit information about our security - and
this breaches the Government Connect security accreditation agreements.

This is a refusal notice under Section 17 of the Freedom of Information
Act 2000. The applicable section is: 24 (1) National Security:

(1) Information which does not fall within section 23(1) is exempt
information if exemption from section 1(1)(b) is required for the purpose
of safeguarding national security.

Do you meet the Government Connect version four requirements?

Response: Yes, RBWM passed the Version 4 requirements in April 2010.

Please supply the latest internal report for the Government Connect
version four Audit/Assessment, blanking out any statements which could
contravene a security concern from a third party reading it.

Response: No, we cannot disclose even a redacted version of our IT Health
Check because it would give implicit information about our security - and
this breaches the Government Connect security accreditation agreements.

This is a refusal notice under Section 17 of the Freedom of Information
Act 2000. The applicable section is: 24 (1) National Security:

(1) Information which does not fall within section 23(1) is exempt
information if exemption from section 1(1)(b) is required for the purpose
of safeguarding national security.

    

Criminal Justice Network

Are you connected to and operationally utilising the Criminal Justice
Network? If not have you considered connecting to the Criminal Justice
Network and why was the decision made not to connect?

Please supply your latest annual assessment/audit report, blanking out any
statements which could contravene a security concern from a third party
reading it.

    

NHS N3 Network

Are you connected to and operationally utilising the NHS N3 Network? If not
have you considered connecting to the NHS N3 network and why was the
decision made not to connect?

Response: No

Please supply your latest N3 Connection assessment/audit report, blanking
out any statements which could contravene a security concern from a third
party reading it.

Response: Not applicable

Do both schools and the Council share the same physical network
responsible for voice and data communications?

Response: No

If you are unhappy with the information we have provided in response to
your request please write to:

Transactional Legal Team Leader

Royal Borough of Windsor & Maidenhead

Town Hall, St Ives Road

Maidenhead

SL6 1RF

or send an e-mail to [email address].uk 

We are proud to be one of the leading authorities in England for
consistently responding to information requests within the 20 working days
set down by statute. Information about our performance and summaries of
requests received can be found on our website:

http://www.rbwm.gov.uk/web/dataprotectio...

We are keen to hear about your experience with the Information Management
Team here at the Royal Borough of Windsor & Maidenhead and look forward to
receiving any comments you have about the way your information request was
processed.

Please send any feedback to the Transactional Legal Team Leader either by
e-mail [email address] or in writing to the address above.

This concludes your request FOI62419.

Yours sincerely

Chris Daniels

Information Management Officer

Information Management Team

Resources Directorate

Royal Borough of Windsor & Maidenhead

Town Hall, St. Ives Road

Maidenhead SL6 1RF
