FOI Request

The request was successful.

Sir/Madam,

I wish to make a request under the Freedom of Information Act. The
following questions and information I wish to have sent to me are
as follows:

Provide, name, address and telephone number for the following
people:
• Senior Information Risk Owner
• Governance Manager
• Information Security Officer/Manager
• Information Technology Security Officer/Manager
• Caldecott Guardian

PCI-DSS
Does your organisation process electronic payment cards?
How much money is processed from electronic payment cards per
annum?
How many electronic payment card transactions are processed per
annum?
Are you PCI-DSS compliant?

ISO 27001
Are you or have you considered becoming ISO 27001 compliant or
certified?

Government Connect
Are you connected and operationally utilising the Government
Connect network? If not have you considered connecting to
Government Connect and why was the decision made not to connect?
Do you meet the Government Connect version three requirements?
Please supply your latest CLAS consultant annual Government Connect
assessment/audit report, blanking out any statements which could
contravene a security concern from a third party reading it.
Do you meet the Government Connect version four requirements?
Please supply the latest internal report for the Government Connect
version four Audit/Assessment, blanking out any statements which
could contravene a security concern from a third party reading it.

Criminal Justice Network
Are you connected to and operationally utilising the Criminal
Justice Network? If not have you considered connecting to the
Criminal Justice Network and why was the decision made not to
connect?
Please supply your latest annual assessment/audit report, blanking
out any statements which could contravene a security concern from a
third party reading it.

NHS N3 Network
Are you connected to and operationally utilising the NHS N3
Network? If not have you considered connecting to the NHS N3
network and why was the decision made not to connect?
Please supply your latest N3 Connection assessment/audit report,
blanking out any statements which could contravene a security
concern from a third party reading it.
Do both schools and the Council share the same physical network
responsible for voice and data communications?

Yours faithfully,

Dave Schneider

South Hams District Council

Thank you for contacting South Hams District Council.

Your e-mail has been forwarded to the appropriate officer who will be in contact with you shortly.

The Customer Service Team

#################################################################

Putting our Rural Communities First - A Rural South Devon and Dartmoor Unitary Authority - a proposal for unitary local government in Devon that safeguards our rural communities. Find out more at our website, www.southhams.gov.uk, or contact the Boundary Committee with your views at [email address].

show quoted sections

Ann Dagger,

Thank you for your request under the Freedom of Information Act. I have
passed a copy of your request to the relevant Department within the Council
for their response and will reply to you on receipt of that information. The
Council has a period of twenty working days from receipt of your request in
which to reply to you.

Regards
Ann Dagger
Senior Legal Secretary
South Hams District Council

show quoted sections

Becky Fowlds,

Dear Mr. Schneider

I am writing to request a short extension of time in which to reply to your
request under the Freedom of Information Act.

I hope to be able to respond to you on Monday 20th September

Regards

Becky Fowlds
Solicitor
South Hams District Council

show quoted sections

Becky Fowlds,

I apologise for the delay in responding to your request. The FOI Officer
has been out of the office for various reasons recently.

I set out below our reply in respect of the majority of your request. I
have been asked by the Finance Department in respect of your question
regarding the amount of money processed from electronic payment cards and
the number of transactions, to which year your query relates. If you
could let me know this I will respond to you as soon as possible.

Provide, name, address and telephone number for the following people:

o Senior Information Risk Owner

No such post holder

o Governance Manager

No such post holder

o Information Security Officer/Manager

No such post holder

o Information Technology Security Officer/Manager

Pauleen Blampied - Head of ICT - 01803 861234

o Caldecott Guardian

We are a District Council - no such post holder

PCI-DSS

Does your organisation process electronic payment cards? Yes

How much money is processed from electronic payment cards per annum?

To follow - awaiting clarification of year required

How many electronic payment card transactions are processed per annum?

To follow - awaiting clarification of year required

Are you PCI-DSS compliant? No

ISO 27001

Are you or have you considered becoming ISO 27001 compliant or certified?
Yes

Government Connect

Are you connected and operationally utilising the Government Connect
network? Yes

If not have you considered connecting to Government Connect and why was
the decision made not to connect?

Not Applicable

Do you meet the Government Connect version three requirements? Yes

Please supply your latest CLAS consultant annual Government Connect
assessment/audit report, blanking out any statements which could
contravene a security concern from a third party reading it.

The Council considers that the Code of Connection Based report is exempt
under Section 23 of the FOI 2000 int hat itnis information which is
directly and indirectly supplied to the Council by a body falling within
Section 23(3)(c) namely the Government Communciations Headquarters and the
CESG, the National Technical Authority for Information Assurance being
part of the GCHQ. The Council has not been part of any other related
audit reporting.

Do you meet the Government Connect version four requirements? No

Please supply the latest internal report for the Government Connect
version four Audit/Assessment, blanking out any statements which could
contravene a security concern from a third party reading it. Not
applicable

Criminal Justice Network

Are you connected to and operationally utilising the Criminal Justice
Network? No

If not have you considered connecting to the Criminal Justice Network and
why was the decision made not to connect?

The Government Connect connection is the Local Authority route for secure
connectivity

Please supply your latest annual assessment/audit report, blanking out any
statements which could contravene a security concern from a third party
reading it. Not applicable

NHS N3 Network

Are you connected to and operationally utilising the NHS N3 Network? No

If not have you considered connecting to the NHS N3 network and why was
the decision made not to connect?

The Council does not have direct requirements to connect to the NHS.

Please supply your latest N3 Connection assessment/audit report, blanking
out any statements which could contravene a security concern from a third
party reading it. Not applicable

Do both schools and the Council share the same physical network
responsible for voice and data communications?

The Council does not have a responsibility for the operation of Schools

If you are dissatisfied with this decision you may complain to the
Council, either to me or through the Council's complaints procedure which
is available on our website [1]www.southhams.gov.uk; or you can contact
the office of the Information Commissioner at this postal address:

FOI / EIR (Complaints Resolution)

Wycliffe House

Water Lane

Wilmslow

Cheshire SK9 4AF

Regards

Becky Fowlds

Solicitor

South Hams District Council

show quoted sections

References

Visible links
1. http://www.southhams.gov.uk/
http://www.southhams.gov.uk/

Dear Mr. Schneider

Please can you confirm that by the term "electronic payment cards" you mean
debit/credit cards?

I look forward to hearing from you in order to answer your questions and
complete this Freedom of Information request.

Regards

Ann Dagger
Senior Legal Secretary
South Hams District Council

show quoted sections

Dear Ann Dagger,

Please can you update me on the status of this FOI, as you're past the statutory 20 day deadline.

Yours sincerely,

Dave Schneider

2 Attachments

Dear Mr. Scneider

A reply to your request was sent to you on the 20th September at 10:25 and I
attach a copy of this email. An e mail was also sent to you on 21st September
requesting clarification on your questions relating to electronic payments.
I also attach a copy of this email and await your response in order that the
Council can reply to you in full

I look forward to hearing from you

Ann Dagger
Senior Legal Secretary
South Hams District Council

show quoted sections

Sarah Hunt, South Hams District Council

No response has been received by Dave Schneider, therefore please consider this request completed.