Service providers and PII

Gabby Dunne made this Freedom of Information request to Canterbury City Council

This request has been closed to new correspondence from the public body. Contact us if you think it ought be re-opened.

The request was successful.

Dear Canterbury City Council,

1. Do you use an external IT service provider/Managed Service Provider (MSP)?
- Yes
- No

2. Does your provider/MSP serve as a processor of your Personally Identifiable Information (PII)?
- Yes
- No

If No, thank you for your time.
If Yes, please see below:

3. Does your contract/Service Level Agreement (SLA) with the provider(s) have clear provisions for the allocation of responsibilities in the event of a data breach?
- Yes
- No

4. Have you revisited your original contract(s) to ensure compliance with the General Data Protection Regulation (GDPR)?
- Yes
- No

5. Does the contract/SLA define the time frame in which a security breach at the provider must be reported to you?
- Yes
- No

6. Do you have policies in place for privileged account management?
- Yes
- No

7. Has your service provider/MSP suffered a data breach involving your organisation’s PII in the last 12 months?
- Yes
- No

8. If yes, how long did it take for them to notify you?
- <30 minutes
- 31 mins – 1 day
- 1 – 2 days
- 2 – 3 days
- More than 3 days

Yours faithfully,

Gabby Dunne

CCC FOI, Canterbury City Council

Thank you for submitting a Freedom of Information request.  Your email has
been forwarded to the Freedom of Information and Data
Protection Coordinator. 
We endeavour to respond to all Freedom of Information requests within 20
working days but if we think the request requires extra time we will
contact you to let you know.
Kind regards
Freedom of Information Team
Canterbury City Council

CCC FOI, Canterbury City Council

Reference:         6557

Title:                   Service providers and PII

 

Thank you for your freedom of information request.

 

Please see below for our response. 

If you are unhappy with the way your enquiry has been dealt with, you may
ask for an internal review by e-mailing [1][email address] or by
following the procedure set out on the council’s website. 

If you are still dissatisfied after an internal review, you may appeal to
the Information Commissioner, Wycliffe House, Water Lane, Wilmslow SK9
5AF.

Kind regards,

 

Emma

 

 

Information Governance Team

Canterbury City Council

 

 

 

 

Reference:         6557

Title:                    Service providers and PII

Date of reply:    02 July 2018

 

Summary:          

Service providers and PII

 

Question 1

Do you use an external IT service provider/Managed Service Provider
(MSP)? 

Our response:

No

 

Question 2

Does your provider/MSP serve as a processor of your Personally
Identifiable Information (PII)?

Our response:

No

 

Question 3

Does your contract/Service Level Agreement (SLA) with the provider(s) have
clear provisions for the allocation of responsibilities in the event of a
data breach? 

Our response:

Not applicable

 

Question 4

Have you revisited your original contract(s) to ensure compliance with the
General Data Protection Regulation (GDPR)? 

Our response:

Not applicable

 

Question 5

Does the contract/SLA define the time frame in which a security breach at
the provider must be reported to you? 

Our response:

Not applicable

 

Question 6

Do you have policies in place for privileged account management? 

Our response:

Not applicable

 

Question 7

Has your service provider/MSP suffered a data breach involving your
organisation’s PII in the last 12 months?

Our response:

Not applicable

 

Question 8

If yes, how long did it take for them to notify you? 

Our response:

Not applicable

References

Visible links
1. mailto:[email address]