Service providers and PII

Gabby Dunne made this Freedom of Information request to Peterborough City Council

This request has been closed to new correspondence from the public body. Contact us if you think it ought be re-opened.

The request was successful.

Dear Peterborough City Council,

1. Do you use an external IT service provider/Managed Service Provider (MSP)?
- Yes
- No

2. Does your provider/MSP serve as a processor of your Personally Identifiable Information (PII)?
- Yes
- No

If No, thank you for your time.
If Yes, please see below:

3. Does your contract/Service Level Agreement (SLA) with the provider(s) have clear provisions for the allocation of responsibilities in the event of a data breach?
- Yes
- No

4. Have you revisited your original contract(s) to ensure compliance with the General Data Protection Regulation (GDPR)?
- Yes
- No

5. Does the contract/SLA define the time frame in which a security breach at the provider must be reported to you?
- Yes
- No

6. Do you have policies in place for privileged account management?
- Yes
- No

7. Has your service provider/MSP suffered a data breach involving your organisation’s PII in the last 12 months?
- Yes
- No

8. If yes, how long did it take for them to notify you?
- <30 minutes
- 31 mins – 1 day
- 1 – 2 days
- 2 – 3 days
- More than 3 days

Yours faithfully,

Gabby Dunne

FOI Team, Peterborough City Council

Dear Gabby Dunne 
This is a courtesy email to let you know your Public Information
Request has been received on : 17/07/2018. 
Your unique reference number is "CRN1807504129 ". Please keep this
number safe, as you may be required to provide it in the future. 
Regards,
Customer Service Team

show quoted sections

"FOI Team" <foi@peterborough.gov.uk>, Peterborough City Council

FREEDOM OF INFORMATION REQUEST  CRN1807504129     

 

Dear Sir / Madam,

 

Your request for information, with reference number CRN1807504129 has
now been considered and the information requested is given below.

Information Request: 

1. Do you use an external IT service provider/Managed Service
Provider (MSP)? 
- Yes 
- No
2. Does your provider/MSP serve as a processor of your Personally
Identifiable Information (PII)? 
- Yes 
- No
If No, thank you for your time. 
If Yes, please see below:

3. Does your contract/Service Level Agreement (SLA) with the
provider(s) have clear provisions for the allocation of
responsibilities in the event of a data breach? 
- Yes 
- No
4. Have you revisited your original contract(s) to ensure compliance
with the General Data Protection Regulation (GDPR)? 
- Yes 
- No
5. Does the contract/SLA define the time frame in which a security
breach at the provider must be reported to you? 
- Yes 
- No
6. Do you have policies in place for privileged account management? 
- Yes 
- No
7. Has your service provider/MSP suffered a data breach involving
your organisation s PII in the last 12 months? 
- Yes 
- No
8. If yes, how long did it take for them to notify you? 
- <30 minutes 
- 31 mins 1 day 
- 1 2 days 
- 2 3 days 
- More than 3 days

        

Our Response:

Request and Response

I've responded as below. I can only answer on behalf of our IT
provider. If you require anything relating to the PSSP that is Chris
Yates.
 
1. Do you use an external IT service provider/Managed Service
Provider (MSP)? 
 
Yes

2. Does your provider/MSP serve as a processor of your Personally
Identifiable Information (PII)? 
 
Yes                  

If No, thank you for your time. 
If Yes, please see below:

3. Does your contract/Service Level Agreement (SLA) with the
provider(s) have clear provisions for the allocation of
responsibilities in the event of a data breach? 
 
Yes                  
 
4. Have you revisited your original contract(s) to ensure compliance
with the General Data Protection Regulation (GDPR)? 
 
Yes                 

5. Does the contract/SLA define the time frame in which a security
breach at the provider must be reported to you? 
 
Yes                 

6. Do you have policies in place for privileged account management? 
 
No                   

7. Has your service provider/MSP suffered a data breach involving
your organisation s PII in the last 12 months? 
 
Yes                   

8. If yes, how long did it take for them to notify you? 
- <30 minutes 
- 31 mins 1 day 
- 1 2 days 
- 2 3 days 
- More than 3 days
 
Notification of data breaches is completed within 2 days of the
breach being identified
  

 

       

Re-use of information

You may re-use any documents supplied for your own use, including for
non-commercial research purposes. The documents may also be used for
news reporting. However, any other type of re-use, for example by
publishing the documents or issuing copies to the public will require
the permission of the copyright owner, where copyright exists.  Such
a request would be considered separately in accordance with the
relevant Re-use of Public Sector Information Regulations 2015 and is
not automatic.  Therefore no permission is implied in the re-use of
these documents, until such a request for re-use has been made and
agreed, subject to any appropriate conditions. 

 

You may re-use any dataset included in this response (excluding
logos) free of charge, in any format or medium, under the terms of
the Open Government Licence v2.0. To view this licence, visit
the [1]National Archives website or
email [2][email address].  Where we have identified
any third-party copyright information, you will need to obtain
permission from the copyright holders concerned.  Users reproducing
Peterborough City Council content without adaptation should include a
source accreditation to Peterborough City Council: Source:
Peterborough City Council licensed under the Open Government Licence
v.2.0.  Users reproducing content which is adapted should include a
source accreditation to Peterborough City Council: Adapted from data
from Peterborough City Council licensed under the Open Government
Licence v.2.0.

 

If you have any queries or concerns then please do not hesitate to
contact me.

 

If you are dissatisfied with the handling of your request please
contact the Information Specialist, Peterborough City Council, Town
Hall, Bridge Street, Peterborough, PE1 1HG; Telephone: 01733 452533,
e-mail: [3][Peterborough City Council request email]

 

You can also complain to the Information Commissioner at:

            The Information Commissioner's Office

            Wycliffe House, Water lane

            Wilmslow, Cheshire

            SK9 5AF

            Tel: 01625 545700

[4]http://www.ico.org.uk/

 

Yours faithfully

 

Tracey Wright

Information Specialist

Peterborough City Council

Town Hall

Peterborough

PE1 1HG

 

foi[5]@peterborough.gov.uk

Telephone 01733 452533

ref:_00Db0eVBc._5000X1VpFRr:ref

show quoted sections