IT Health Check
Friday, 31 August 2018
Question
I would like to ask the following questions under the Freedom of Information Act 2000. Care has been taken to ensure the questions do not compromise IT security but if you believe the information is exempt from the Freedom of Information Act 2000, please provide the considerations from the relevant public interest test.
In which months of the year do you generally receive the penetration testing requirement of the annual IT Health Check (ITHC)?
In which months of the year do you procure the penetration testing services for the ITHC?
For your last ITHC, how many days were required by the provider to complete the ITHC? Where possible, please break it down by onsite, external and reporting days.
Did you purchase external services to assist with your ITHC remediation actions?
Did you require further penetration testing after your PSN code of compliance submission (due to ITHC failure or major infrastructure changes)?
How was your last ITHC contract awarded, i.e. framework, quotes or public tender?
How many virtual servers do you have on premise?
Do you have any managed security services? Please list.
Do you have any other compliance, i.e. ISO27001 or N3?
Do you have any security infrastructure projects in the next 12 months?
What is your IT security training budget?
Do you purchase any security infrastructure training for IT staff and / or red team security training?
Who is responsible for managing security infrastructure? Please provide their contact details
Who is responsible for procuring security infrastructure? Please provide their contact details
Who is responsible for procuring ITHC services? Please provide their contact details
Who is responsible for procuring training for IT staff? Please provide their contact details
What is the cost threshold that mandates a public tender?
Answer
In which months of the year do you generally receive the penetration testing requirement of the annual IT Health Check (ITHC)? October / November
In which months of the year do you procure the penetration testing services for the ITHC? December
For your last ITHC, how many days were required by the provider to complete the ITHC? Where possible, please break it down by onsite, external and reporting days. 2 onsite, 2 offsite, one of which was reporting
Did you purchase external services to assist with your ITHC remediation actions? No
Did you require further penetration testing after your PSN code of compliance submission (due to ITHC failure or major infrastructure changes)? No
How was your last ITHC contract awarded, i.e. framework, quotes or public tender? Quick quote
How many virtual servers do you have on premise? 120
Do you have any managed security services? Please list. No
Do you have any other compliance, i.e. ISO27001 or N3? No
Do you have any security infrastructure projects in the next 12 months? No
What is your IT security training budget? There is no budget set aside specifically for IT security training
Do you purchase any security infrastructure training for IT staff and / or red team security training? Yes
Who is responsible for managing security infrastructure? Please provide their contact details. Robert Emmott (Director of Finance and Corporate Resources) has responsibility for managing the security infrastructure. Tel: 01851 822628, email: remmott@cne-siar.gov.uk
Who is responsible for procuring security infrastructure? Please provide their contact details. The procurement department
Who is responsible for procuring ITHC services? Please provide their contact details. The procurement department
Who is responsible for procuring training for IT staff? Please provide their contact details. The procurement department.
What is the cost threshold that mandates a public tender? £50,000