Information Security
Dear The Robert Gordon University,
Can you please provide in regards to your IT Health Check (ITHC):
The name of the person who is responsible for sourcing the ITHC testing.
When the ITHC testing is usually carried out each year? (Month)
How much last year's ITHC testing cost and which company provided it?
If you do not perform an ITHC, do you have other Information Security testing in place?
If so, what tests are performed (Internal/External Penetration testing/Web application penetration testing)?
Yours faithfully,
Debbie Murphy
Dear Applicant
This is to acknowledge receipt of your recent request for information from the University under the Freedom of Information (Scotland) Act 2002, it is being dealt with and you will hear from us shortly.
Please note that all subsequent correspondence with the University should be emailed to [RGU request email] as this mailbox is monitored in my absence.
Kind regards
Ian Croft
Information Governance and Complaints Officer
Robert Gordon University
Garthdee Annexe
Garthdee Road
AB10 7QB
[email address]
From: Ian Croft (sppd)
Sent: 17 November 2017 09:48
To: '[FOI #439827 email]'
Subject: (15/11) FOI Request 201017-2 Information Security
Dear Debbie
(15/11) FOI Request 201017-2 Information Security
Please find in Blue below the University's response to your recent request
for information under the Freedom of Information (Scotland) Act 2002.
Information Requested:
The name of the person who is responsible for sourcing the ITHC testing.
No one specific person based on individual systems
When the ITHC testing is usually carried out each year? (Month) No
specific date, carried out as and when required
How much last year's ITHC testing cost and which company provided it? Nil
- performed in house
If you do not perform an ITHC, do you have other Information Security
testing in place? No
If so, what tests are performed (Internal/External Penetration testing/Web
application penetration testing)? N/A
I trust that this provides the information you require, however, if you
are dissatisfied with the University’s handling of your request for
information under the Act, you have 40 days from the date of our response
to request a formal review of our decision. However, you are encouraged
to contact me in the first instance, to determine if I can resolve your
concerns informally as this may lead to a quicker resolution of your
complaint than a formal appeal.
If you remain dissatisfied after contacting me, you may ask for an
Internal review of the University’s handling of your request. All
complaints regarding requests for information will be handled in
accordance with this procedure, and should be put in writing and sent to
the address below.
The request should:
(a) detail your request for a review of our decision to be undertaken;
(b) describe the nature of your original request; and
(c) explain the reasons why you are dissatisfied with our response.
Email [1][RGU request email].
If you remain dissatisfied with how your request for information has been
dealt with, you also have the right to apply to the Scottish Information
Commissioner for a decision as to whether we have handled your request
properly.
Information relating to your right to seek review is available from the
Scottish Information Commissioner's web page at:
[2]http://www.itspublicknowledge.info/faqs.... or by contacting the
Scottish Information Commissioner's Office at the following address:
Scottish Information Commissioner,
Kinburn Castle,
Doubledykes Road, St Andrews,
Fife KY16 9DS
Telephone: 01334 464610
Fax: 01334 464611
E-mail: [3][email address]
Website: [4]www.itspublicknowledge.info
This concludes the University’s response to your enquiry.
Yours sincerely
Ian Croft
Information Governance and Complaints Officer
Robert Gordon University
Garthdee House Annexe
Garthdee Road
Aberdeen
AB10 7QB
[5][email address]
[6]cid:image007.jpg@01D2EB55.2B06F730
We work to defend the right to FOI for everyone
Help us protect your right to hold public authorities to account. Donate and support our work.
Donate Now