Service providers and PII

Gabby Dunne made this Freedom of Information request to Worcester City Council

This request has been closed to new correspondence from the public body. Contact us if you think it ought be re-opened.

The request was successful.

Dear Worcester City Council,

1. Do you use an external IT service provider/Managed Service Provider (MSP)?
- Yes
- No

2. Does your provider/MSP serve as a processor of your Personally Identifiable Information (PII)?
- Yes
- No

If No, thank you for your time.
If Yes, please see below:

3. Does your contract/Service Level Agreement (SLA) with the provider(s) have clear provisions for the allocation of responsibilities in the event of a data breach?
- Yes
- No

4. Have you revisited your original contract(s) to ensure compliance with the General Data Protection Regulation (GDPR)?
- Yes
- No

5. Does the contract/SLA define the time frame in which a security breach at the provider must be reported to you?
- Yes
- No

6. Do you have policies in place for privileged account management?
- Yes
- No

7. Has your service provider/MSP suffered a data breach involving your organisation’s PII in the last 12 months?
- Yes
- No

8. If yes, how long did it take for them to notify you?
- <30 minutes
- 31 mins – 1 day
- 1 – 2 days
- 2 – 3 days
- More than 3 days

Yours faithfully,

Gabby Dunne

FOI, Worcester City Council

4 Attachments

[1]Description: Description: Description:
cid:image001.png@01D0E4A2.14F5EAC0

17/07/2018

Our Ref: 20180445/WW

Email: [2][Worcester City Council request email]

 

 

Dear Gabby Dunne,

 

Thank you for your below Freedom of Information request sent to Worcester
City Council.

 

Response:

1.   Do you use an external IT service provider/Managed Service Provider
(MSP)? No – Worcester City Council’s IT is provided by a Shared Service in
conjunction with Malvern Hills District Council and Wychavon District
Council.

 

 

2.   Does your provider/MSP serve as a processor of your Personally
Identifiable Information (PII)?

N/A – please see response to question one above.

 

If No, thank you for your time.

If Yes, please see below:

 

3.   Does your contract/Service Level Agreement (SLA) with the provider(s)
have clear provisions for the allocation of responsibilities in the event
of a data breach? N/A – please see response to question one above.

 

4.   Have you revisited your original contract(s) to ensure compliance
with the General Data Protection Regulation (GDPR)? N/A – please see
response to question one above.

 

 

5.   Does the contract/SLA define the time frame in which a security
breach at the provider must be reported to you?  N/A – please see response
to question one above.

 

6.   Do you have policies in place for privileged account management? N/A
– please see response to question one above.

 

7.   Has your service provider/MSP suffered a data breach involving your
organisation’s PII in the last 12 months? N/A – please see response to
question one above.

 

8.   If yes, how long did it take for them to notify you? N/A – please see
response to question one above.

 

 

If you are dissatisfied with the handling of your request, you have the
right to ask for an internal review. Internal review requests should be
submitted no later than two months from the date of our response to your
original request. These requests should be sent by email to
[3][Worcester City Council request email] or to the following postal address:

 

The Monitoring Officer

Worcester City Council

The Guildhall

High Street

Worcester

WR1 2EY

 

If you are not content with the outcome of the internal review, you have
the right to apply directly to the Information Commissioner for a
decision. The Information Commissioner can be contacted at: Information
Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9
5AF.If you have any queries about this request please do not hesitate to
contact us. Please remember to quote the reference number above in any
future communications.

 

Yours sincerely,

William Wade

 

Corporate Strategy and Policy Team
[4]cid:image001.png@01D256F7.BAD3CFC0 Email:
[5][Worcester City Council request email]
[6]Description: Description: Description: Telephone: (01905)
C:\Users\rmorris.WCCNETWORK.001\AppData\Local\Microsoft\Windows\Temporary 722104
Internet Files\Content.Outlook\GJYI1JMJ\telephone icon.png
[7]Description: Description: Description:
C:\Users\rmorris.WCCNETWORK.001\AppData\Local\Microsoft\Windows\Temporary Internet
Files\Content.Outlook\GJYI1JMJ\logo copy.png

Building a successful future on 2,000 years of history

 

show quoted sections