FOI Request

Disclosure ID
FOI/02447
Request Date
May 17, 2018
Subject
GDPR Preparation & Compliance
Description
  1. Have you invested in technology specifically to comply with GDPR?
    1. Yes
    2. No
  2. Which information security framework(s) have you implemented?
  3. Have you signed contractual assurances from all the third-party organisations you work with requiring that they achieve GDPR compliance by 25 May 2018?
    1. Yes
    2. No
  4. Have you completed an audit to identify all files or databases that include personally identifiable information (PII) within your organisation?
    1. Yes
    2. No
  5. Do you use encryption to protect all PII repositories within your organisation?
    1. Yes
    2. No
  6. As part of this audit, did you clarify if PII data is being stored on, and/or accessed by:
    1. Mobile devices
    2. Cloud services
    3. Third party contractors
  7. Does the organisation employ controls that will prevent an unknown device accessing PII repositories?
    1. Yes
    2. No
  8. Does your organisation employ controls that detect the security posture of a device before granting access to network resources – i.e. valid certificates, patched, AV protected, etc.?
    1. Yes
    2. No
  9. Should PII data be compromised, have you defined a process so you can notify the relevant supervisory authority within 72 hours?
    1. Yes
    2. No
  10. Have you ever paid a ransom demand to have data returned / malware (aka ransomware) removed from systems?
    1. Yes
    2. No
  11. To which positions/level does your data protection officer report? i.e. CISO, CEO, etc.
Response
  1. No
  2. The information regarding our security framework is withheld under section 36 (prejudice to the conduct of public affairs) of the Freedom of Information Act. The protection of PII is of paramount importance to the Trust as is the security of its network. The Chief Information Officer does not believe it is in the public interest to disclose the information requested.
  3. This work is ongoing due to the volume of contracts held in the organisation.
  4. Yes
  5. The Trust ensures that all its data centres are secure. All the Trust end point devices are encrypted.
  6. :-
    1. Yes
    2. Yes
    3. Yes
  7. Yes
  8. Yes
  9. Yes
  10. No
  11. The Chief Information Officer