Dear Mr Astbury,

Freedom of Information request F17-525

Thank you for your request for information dated 4 December 2017, received
by us on the same date, which is copied below.

We will endeavour to respond to your request promptly but in any case
within 20 working days i.e. on or before 4 January 2018.

If you have any queries about your request, please use the request number
quoted above and in the subject line of this email.

Yours sincerely,

Sarah Price

IRIS Support Officer
Information Rights and Information Security (IRIS) Service | House of
Commons

[1]cid:image002.jpg@01D02B64.34D76640

Click [2]here for details about Freedom of Information

in the House of Commons and to see what we publish.

From: Peter Astbury [mailto:[FOI #450281 email]]
Sent: 04 December 2017 10:04
To: FOI Commons <[email address]>
Subject: Freedom of Information request - Parliment ICT Security Policy

Dear House of Commons,

I would like to see the ICT Security Policy in place in the house of
commons as referenced in the ICT Acceptable Use Policy
([3]https://www.parliament.uk/documents/comm...)
and available on the parliamentary intranet here:
[4]http://intranet.parliament.uk/intranet/c...

Yours faithfully,

Peter Astbury

-------------------------------------------------------------------

Please use this email address for all replies to this request:
[5][FOI #450281 email]

Is [6][House of Commons request email] the wrong address for Freedom of
Information requests to House of Commons? If so, please contact us using
this form:
[7]https://www.whatdotheyknow.com/change_re...

Disclaimer: This message and any reply that you make will be published on
the internet. Our privacy and copyright policies:
[8]https://www.whatdotheyknow.com/help/offi...

For more detailed guidance on safely disclosing information, read the
latest advice from the ICO:
[9]https://www.whatdotheyknow.com/help/ico-...

Please note that in some cases publication of requests and responses will
be delayed.

If you find this service useful as an FOI officer, please ask your web
manager to link to us from your organisation's FOI page.

show quoted sections

Dear Mr Astbury,

Freedom of Information Request F17-525

Thank you for your request for information as copied below.  You asked for
access to Parliament’s ICT Security Policy, as referenced in the ICT
Acceptable Use Policy.

This information is held by the House of Commons; please find this policy
attached.

Please note that some information contained in this policy has been
withheld due to the security sensitive nature of the information, in
accordance with section 24(1) and section 31(1) of the Freedom of
Information Act 2000 (FOIA). Please find details below.

Section 24(1) National Security

Some information contained within this policy is exempt under section
24(1) FOIA as disclosure of such information would be detrimental to the
safeguarding of national security. This is a qualified or non-absolute
exemption and the public interest test applies.

There is a natural concern from the public that the measures in place to
safeguard national security are effective. Any transparency relating to
the way the House of Commons ensures that its IT systems and processes are
as secure as possible would reassure those reasonable concerns.

However, we have also considered the public interest in withholding
information detailing how we ensure our systems are secured. In this case
we have concluded that the disclosure of this information, even at policy
level, may assist the design of attacks against the network which is
likely to impact on national security. Groups planning attacks are known
to conduct extensive research into the opposition they might face, and to
disclose this information could potentially provide an indication of where
to focus their efforts when targeting our systems or staff. For these
reasons we have concluded that it is not in the wider public interest to
disclose this information.

Section 31(1)(a) Law Enforcement

Some information relating to your request is exempt under section 31 (1)
(a) FOIA, as the House considers that releasing this information would be
likely to prejudice the prevention or detection of crime. This is a
qualified or non-absolute exemption and the public interest test applies.

In favour of disclosure is the argument of transparency and openness
through providing details relating to the way the House of Commons secures
its IT systems and processes, the benefits of enhancing public knowledge
of how the House of Commons operates and of reassuring the public that
this is done securely.

However, this is outweighed by the risks of criminal activity being
undertaken if the information was disclosed. The release of this material
could provide valuable information to those wishing to circumvent our
security systems. We would fail in our duty to help prevent criminal
attacks on our network and/or on our staff, and subsequently our duty to
assist those services providing us with law enforcement. Whilst there may
be a public interest in access to this information, the disclosure of
security advice contained in the policy could potentially assist those
parties planning to launch a criminal attack on Parliament. In these
circumstances it is our view that the public interest in maintaining the
exemption outweighs the public interest in disclosing the information at
this particular time.

You may, if dissatisfied with the handling of your request, complain to
the House of Commons. Alternatively, if you are dissatisfied with the
outcome of your request you may ask the House of Commons to conduct an
internal review of any decision regarding your request.  Complaints or
requests for internal review should be addressed to: Information Rights
and Information Security Service, Research & Information Team, House of
Commons, London SW1A 0AA or [1][House of Commons request email].  Please ensure
that you specify the full reasons for your complaint or internal review
along with any arguments or points that you wish to make.

If you remain dissatisfied, you may appeal to the Information Commissioner
at Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF,
[2]www.ico.gov.uk.

Yours sincerely,

         
Information Rights Manager
Information Rights and Information Security (IRIS) Service | House of
Commons

[3]cid:image002.jpg@01D02B64.34D76640

Click [4]here for information about FOI in the House of Commons,

or to see what we publish.

From: Peter Astbury [mailto:[FOI #450281 email]]
Sent: 04 December 2017 10:04
To: FOI Commons <[email address]>
Subject: Freedom of Information request - Parliment ICT Security Policy

Dear House of Commons,

I would like to see the ICT Security Policy in place in the house of
commons as referenced in the ICT Acceptable Use Policy
([5]https://www.parliament.uk/documents/comm...)
and available on the parliamentary intranet here:
[6]http://intranet.parliament.uk/intranet/c...

Yours faithfully,

Peter Astbury

-------------------------------------------------------------------

Please use this email address for all replies to this request:
[7][FOI #450281 email]

Is [8][House of Commons request email] the wrong address for Freedom of
Information requests to House of Commons? If so, please contact us using
this form:
[9]https://www.whatdotheyknow.com/change_re...

Disclaimer: This message and any reply that you make will be published on
the internet. Our privacy and copyright policies:
[10]https://www.whatdotheyknow.com/help/offi...

For more detailed guidance on safely disclosing information, read the
latest advice from the ICO:
[11]https://www.whatdotheyknow.com/help/ico-...

Please note that in some cases publication of requests and responses will
be delayed.

If you find this service useful as an FOI officer, please ask your web
manager to link to us from your organisation's FOI page.

show quoted sections