Information Security

Debbie Murphy made this Freedom of Information request to Glasgow Caledonian University

This request has been closed to new correspondence from the public body. Contact us if you think it ought be re-opened.

The request was partially successful.

Dear Glasgow Caledonian University,

Can you please provide in regards to your IT Health Check (ITHC):

The name of the person who is responsible for sourcing the ITHC testing.

When the ITHC testing is usually carried out each year? (Month)

How much last year's ITHC testing cost and which company provided it?

If you do not perform an ITHC, do you have other Information Security testing in place?

If so, what tests are performed (Internal/External Penetration testing/Web application penetration testing)?

Yours faithfully,

Debbie Murphy

Freedom of Information Enquiries,

Dear Ms Murphy

Glasgow Caledonian University has received your request for information. The University is currently processing this and will get back to you as soon as possible. It will be responded to under the Freedom of Information (Scotland) Act 2002.

Yours sincerely
Linda Reid

Linda Reid
Department of Governance

T: +44 (0)141 273 1451 | F: +44 (0)141 331 8797 | E: [email address]
Glasgow Caledonian University, Cowcaddens Road, Glasgow, G4 0BA,
Scotland, United Kingdom

Freedom of Information Enquiries,

1 Attachment

Dear Ms Murphy

I refer to your request for information. The University's response is given below.

Can you please provide in regards to your IT Health Check (ITHC):

The name of the person who is responsible for sourcing the ITHC testing. Not applicable. We do not recognise this terminology as a single process and do not carry out this testing

When the ITHC testing is usually carried out each year? (Month) Not applicable

How much last year's ITHC testing cost and which company provided it? Not applicable

If you do not perform an ITHC, do you have other Information Security testing in place? Yes

If so, what tests are performed (Internal/External Penetration testing/Web application penetration testing)?

The University has considered this question and concluded that to provide the information would put University security at risk. The University is therefore relying on section 39 (1) Health, safety and the environment of the Freedom of Information (Scotland) Act 2002 – Information is exempt information if its disclosure under this Act would, or would be likely to, endanger the physical or mental health or safety of an individual and Section 30 (c) of the Freedom of Information (Scotland) Act 2002 Prejudice to effective conduct of public affairs - Information is exempt information if its disclosure under this Act would otherwise prejudice substantially, or be likely to prejudice substantially, the effective conduct of public affairs.

In reaching this decision the University has considered the public interest test and concluded that the interests of the public are to maintain the security of the University and its systems.

Please find attached a review notice setting out the steps you may take if you are not satisfied with the response provided to your request.

If there are any questions in relation to this request, please contact the University at [Glasgow Caledonian University request email]

Yours sincerely
Jean Ash

Jean Ash
Information Compliance, Governance and Records Manager | Department of Governance

T: +44 (0)141 331 3341| F: +44 (0)141 331 8797 | E: [email address]
Glasgow Caledonian University, Cowcaddens Road, Glasgow, G4 0BA,
Scotland, United Kingdom

show quoted sections