IT Health Check

Friday, 31 August 2018
Reference
2018071727000104
Category
Request Date
Tuesday, July 17, 2018
Response Date
Wednesday, August 1, 2018

Question

I would like to ask the following questions under the Freedom of Information Act 2000. Care has been taken to ensure the questions do not compromise IT security, but if you believe the information is exempt from the Freedom of Information Act 2000, please provide the considerations from the relevant public interest test.
 
In which months of the year do you generally receive the penetration testing requirement of the annual IT Health Check (ITHC)?
 
In which months of the year do you procure the penetration testing services for the ITHC?
 
For your last ITHC, how many days were required by the provider to complete the ITHC. Where possible, please break it down by onsite, external and reporting days?
 
Did you purchase external services to assist with your ITHC remediation actions?
 
Did you require further penetration testing after your PSN code of compliance submission (due to ITHC failure or major infrastructure changes)?
 
How was your last ITHC contract awarded, i.e. framework, quotes or public tender?
 
How many virtual servers do you have on premise?
 
Do you have any managed security services?  Please list.
 
Do you have any other compliance, i.e. ISO27001 or N3?
 
Do you have any security infrastructure projects in the next 12 months?
 
What is your IT security training budget?
 
Do you purchase any security infrastructure training for IT staff and / or red team security training?
 
Who is responsible for managing security infrastructure? Please provide their contact details
 
Who is responsible for procuring security infrastructure? Please provide their contact details
 
Who is responsible for procuring ITHC services? Please provide their contact details
 
Who is responsible for procuring training for IT staff?  Please provide their contact details
 
What is the cost threshold that mandates a public tender?

Answer

In which months of the year do you generally receive the penetration testing requirement of the annual IT Health Check (ITHC)? October / November
 
In which months of the year do you procure the penetration testing services for the ITHC? December
 
For your last ITHC, how many days were required by the provider to complete the ITHC. Where possible, please break it down by onsite, external and reporting days? 2 onsite, 2 offsite, one of which was reporting
 
Did you purchase external services to assist with your ITHC remediation actions? No
 
Did you require further penetration testing after your PSN code of compliance submission (due to ITHC failure or major infrastructure changes)? No
 
How was your last ITHC contract awarded, i.e. framework, quotes or public tender? Quick quote
 
How many virtual servers do you have on premise? 120
 
Do you have any managed security services?  Please list. No
 
Do you have any other compliance, i.e. ISO27001 or N3? No
 
Do you have any security infrastructure projects in the next 12 months? No
 
What is your IT security training budget? There is no budget set aside specifically for IT security training
 
Do you purchase any security infrastructure training for IT staff and / or red team security training? Yes
 
Who is responsible for managing security infrastructure? Please provide their contact details. Robert Emmott (Director of Finance and Corporate Resources) has responsibility for managing the security infrastructure. Tel: 01851 822628, email: remmott@cne-siar.gov.uk
 
Who is responsible for procuring security infrastructure? Please provide their contact details. The procurement department
 
Who is responsible for procuring ITHC services? Please provide their contact details.  The procurement department
 
Who is responsible for procuring training for IT staff?  Please provide their contact details.  The procurement department.
 
What is the cost threshold that mandates a public tender? £50,000