IT service provider/Managed Service Provider (MSP)

Barry Salmon made this Freedom of Information request to Bristol City Council

This request has been closed to new correspondence from the public body. Contact us if you think it ought be re-opened.

The request was successful.

Dear Bristol City Council,

1) Do you use an external IT service provider/Managed Service Provider (MSP)?

Yes

No

2) Does your provider/MSP serve as a processor of your Personally Identifiable Information (PII)?

Yes

No

If No, thank you for your time.

If Yes, please see below

3) If yes, does your contract/service level agreement (SLA) with the provider(s) have clear provisions for the allocation of responsibilities in the event of a data breach?

Yes

No

4) Have you revisited your original contract(s) to ensure compliance with the General Data Protection Regulation (GDPR)?

Yes

No

5) Does the contract/SLA define the time frame in which a security breach at the provider must reported to you?

Yes

No

6) Do you have policies in place for privileged account management?

Yes

No

7) Has your organisation/service provider/MSP suffered a data breach involving your organisation’s PII in the last 12 months?

Yes

No

8)If yes, how long did it take for them to notify you?

<30 mins

31 mins – 1 day

1 – 2 days

2 – 3 days

More than 3 days

Yours faithfully,

Barry Salmon

Freedom of Information, Bristol City Council

Thank you for your request for information. Next time why not speed things
up and use our new web service to make your request? It's here at
[1]https://services.bristol.gov.uk/foi

 

If your email is a Freedom Of Information request you should expect to
receive a response within the 20 working day limit.

 

If your email is a request for an internal review you should receive a
response within the 20 - 40 working day limit.

 

 

On Behalf of

The Freedom Of Information team

References

Visible links
1. https://services.bristol.gov.uk/foi

No Reply @ Bristol, Bristol City Council

Dear Barry Salmon 
This is a courtesy email to let you know your Public Information
Request has been received on : 16/07/2018. 
Your unique reference number is "CRN00177934 ". Please keep this
number safe, as you may be required to provide it in the future. 
If you need to add further information concerning your case or
require an update about your response date, please email
[email address
Regards,
Customer Relations Team

"No Reply @ Bristol" <noreply@bristol.gov.uk>, Bristol City Council

You sent us a Freedom of Information request on 16/07/2018

Your request number is CRN00177934

We’ve looked at your request and you should receive a reply on or before 13/08/2018 This will be 20 working days since your original request.

The request

From: Barry Salmon [mailto:[FOI #497663 email]]
Sent: 16 July 2018 15:00
To: Freedom of Information
Subject: Freedom of Information request - IT service provider/Managed Service Provider (MSP)

Dear Bristol City Council,

1) Do you use an external IT service provider/Managed Service Provider (MSP)?

Yes

No

2) Does your provider/MSP serve as a processor of your Personally Identifiable Information (PII)?

Yes

No

If No, thank you for your time.

If Yes, please see below

3) If yes, does your contract/service level agreement (SLA) with the provider(s) have clear provisions for the allocation of responsibilities in the event of a data breach?

Yes

No

4) Have you revisited your original contract(s) to ensure compliance with the General Data Protection Regulation (GDPR)?

Yes

No

5) Does the contract/SLA define the time frame in which a security breach at the provider must reported to you?

Yes

No

6) Do you have policies in place for privileged account management?

Yes

No

7) Has your organisation/service provider/MSP suffered a data breach involving your organisation’s PII in the last 12 months?

Yes

No

8)If yes, how long did it take for them to notify you?

If you don’t hear from us by this time please contact us quoting your request number CRN00177934 at  [1][email address
Contact details we have for you
Barry Salmon
[FOI #497663 email]

 

Thanks

Bristol City Council

References

Visible links
1. mailto:[email address]

"Customer Relations Team" <complaints.feedback@bristol.gov.uk>, Bristol City Council

You sent us a Freedom of Information request on 16/07/2018

Your request number is CRN00177934

Our reply to your request is:  

1) Do you use an external IT service provider/Managed Service Provider (MSP)?

 

Yes

 

No

 

2) Does your provider/MSP serve as a processor of your Personally Identifiable Information (PII)?

 

Yes

 

No

 

If No, thank you for your time.

 

If Yes, please see below

 

3) If yes, does your contract/service level agreement (SLA) with the provider(s) have clear provisions for the allocation of responsibilities in the event of a data breach?

 

Yes

 

No

 

4) Have you revisited your original contract(s) to ensure compliance with the General Data Protection Regulation (GDPR)?

 

Yes

 

No

 

5) Does the contract/SLA define the time frame in which a security breach at the provider must reported to you?

 

Yes

 

No

 

6) Do you have policies in place for privileged account management?

 

Yes

 

No

 

7) Has your organisation/service provider/MSP suffered a data breach involving your organisation’s PII in the last 12 months?

 

Yes

 

No

 

8)If yes, how long did it take for them to notify you?

This response should answer your request in full.

If you’re not satisfied with our response, or if you want to appeal against any exemptions:

Email: [1][Bristol City Council request email]
Write to: Customer Relations (100TS), PO Box 3176, Bristol, BS3 9FS

If you’re still not satisfied with our response:

You can complain to the Information Commissioner. 
Find out how to do this on the Information Commissioner Office website
 (link to [2]http://ico.org.uk/concerns)

Copyright

You do not own the copyright to any of the information we give you. Copyright may be owned by the council or by a third party.

You are not allowed to:

·         make a copy of the information

·         use the information commercially

If you want to copy or use the information in any way you should ask us for permission in writing first. We can’t give permission if it is from a third party.

 

Kind regards

Bristol City Council

References

Visible links
1. mailto:[Bristol City Council request email]
2. http://ico.org.uk/concerns

Dear &quot;Customer Relations Team&quot; &lt;[email address]&gt;,

I can't see what questions you have answered in your response. Please can you resend?

Thanks,

Barry

Complaints and Feedback, Bristol City Council

Dear Barry

I'm sorry that the format used for our response our response didn't work. The answer to the first two questions is no.

Regards

Customer relations team

show quoted sections